Scams are something that I usually associate with the elderly. I always envision a shady person on the phone with a sweet grandma, taking advantage of her lack of understanding of the modern world to extract as much money as possible. I know that online scams affect people of all ages, but I never fully internalized that it’s an issue that affects young adults like myself.
This made it quite the shock when my friend told me he was scammed out of $600 recently. Much like me, he’s a college student working a summer internship that he found through our school’s civic engagement program. He’s really smart, driven, charismatic – really the last guy you’d expect to fall victim to a phishing scam. This left me with one question: how on God’s green earth did he fall for this?
I was genuinely in shock. There’s just no way he of all people would believe a fake email requesting $600.
The problem was it wasn’t just a generic impersonation email. It was an email that appeared to be from his boss.
The email was from an account that mimicked every aspect of his boss’ account. Same profile picture, same names, same font. The only thing different was the domain. The problem: The email service his company uses doesn’t display the sender’s email address unless you click on the account profile. My friend didn’t do that; he had no reason to suspect that this wasn’t from his boss.
The requests from the email weren’t ridiculous either. It was asking him to put his debit card into an online portal to use for a business expense that would be reimbursed. In hindsight, it’s definitely suspicious that they wouldn’t put that on a company card, but for a first-time intern, how could he know the company policy?
The worst part is he was extremely careful through the entire process. When he got the email, he immediately texted his boss to see whether it was a real request. No response. He waited 24 hours to follow up. No response again. He let the weekend pass and followed up on Monday. Still no response.
After that, he told me that as the lowest worker on the totem pole, he was worried about not doing what his boss asked of him, so he just assumed that it was legitimate as to not leave something undone. Five days and $600 later, his boss finally texted back telling him it wasn’t him who sent the request. He apologized profusely for the miscommunication error, but an apology can’t bring back $600.
There were two takeaways I got from this.
The first: It would be nice if supervisors for interns and new hires took on greater responsibility to provide a smooth transition for young adults new to the workforce. I understand that young adults need to be self-sufficient in the working world. However, many young people don’t really know anything about norms and customs in the workplace. This could improve with more onboard training.
The second is that scams are evolving. When my friend showed me the side by side between the scam email and an email from his boss’ account, I was shocked by how identical the two were. It just showed me that scams are no longer just people impersonating Amazon or the IRS, trying to scam you out of a gift card. This scammer obviously spent a lot of time researching specific details that were able to confuse a really sharp individual.
This was an expensive lesson for my friend. We hope that sharing it helps at least one other person.
Gregory is an honors student at Northwestern University in Evanston, Ill., majoring in political science and economics. At Northwestern, he is a founding member of both the Phi Gamma Nu pre-professional development alpha chapter and the Greek-American legacy association. He is also a member of the Northwestern student political union, and outside of school he is an avid soccer fan, in addition to enjoying classical piano.