I recently joined Content House as a Business Journalist, working across some of Malta’s leading online media platforms, including WhosWho.mt, MaltaCEOs.mt, BusinessNow.mt, MaltaInvest.mt, and iGamingCapital.mt. With several years of experience in media – ranging from podcasting to radio journalism – I felt prepared for this new chapter. But nothing could’ve braced me for what happened on my second day.

My first day at Content House was exactly what I’d hoped for: warm welcomes, inspiring conversations, and the excitement of a fresh start. I was determined to make a good impression, to show up as the best version of myself – eager, capable, and collaborative.

Then came day two.

At around 9:30 AM, I received an email that seemed to come from our Managing Director, Jesmond Bonello. It was friendly and casual – he asked how I was settling in and explained he’d be stuck in meetings all day, so email would be the only way to reach him. I replied enthusiastically, happy to hear from him.

Then came the request.

Jesmond asked me to help organise a surprise for the team: gift vouchers from Steam, Apple, or Razer. It felt plausible. As the newest member of the team, maybe he wanted to see how I handled responsibility. Plus, it made sense he’d want to do something kind for the rest of the team, by surprising them.

Wanting to impress, I got to work. I researched options, structured my findings neatly, and even popped downstairs to check availability at the iCentre store at The Quad. Eventually, “Jesmond” decided on Steam vouchers worth €100 each and asked me to pay for them upfront, promising the finance department would reimburse me. That should have been a red flag. But I brushed it off – this was clearly a company that valued its employees. I wanted to be part of that.

I bought two vouchers online before luckily hitting a payment block when I tried to buy the third. Undeterred, I contacted Steam’s support team. I even suggested creating little gift bags with goodies to go with the digital vouchers – thinking creatively, going the extra mile. Meanwhile, my business editor had begun assigning me stories. I politely let him know Jesmond had given me something urgent. He looked a bit puzzled but trusted me to use my judgement.

Then, finally, I noticed the email address: [email protected]. Something didn’t feel right. But I kept rationalising – maybe he had a reason for not using his company email? Maybe it was to preserve the surprise?

Still unsure, I cautiously told my editor the situation, worried I might be ruining a kind gesture, and a surprise. But as I explained everything and saw his face drop, it hit me: I’d been scammed.

The flood of emotion came all at once – shame, disbelief, and sheer panic. My hands shook. I cried. It was only my second day, and I felt like I’d already failed. How could I have fallen for this? In hindsight, it’s clear that my trusting nature – usually a strength – made me vulnerable. I genuinely wanted to help and believed in the good intentions of others.

But scammers know that. They exploit it.

This was a textbook example of Business Email Compromise (BEC) – a growing form of fraud that targets employees by mimicking senior figures within an organisation. And I was the perfect target: new, eager, and unaware of company culture and internal communication habits.

According to Europol’s report The Changing DNA of Serious and Organised Crime, these kinds of online scams – especially investment fraud and BEC – are becoming more advanced, more believable, and more widespread. The use of AI and automation means scammers can now create shockingly convincing messages, emails, and even deepfake content.

In BEC cases, fraudsters either hack into real email accounts or spoof them so convincingly that even experienced professionals fall for it. They mimic tone, formatting, and behaviour, slipping seamlessly into existing conversations. Identity fraud and AI-generated content are central to these operations, making scams harder than ever to detect.

These scams are no longer clumsy or obvious. They are sophisticated, personal, and emotionally manipulative. If you're starting a new job, or even if you’ve been in your role for years, here are four quick tips to protect yourself:

  1. Double-check the sender’s email address: Look closely for inconsistencies or unfamiliar domains.
  2. Call or message internally: Always verify unusual requests by speaking directly to the person, especially if they ask for money or sensitive data.
  3. Trust your gut: If something feels off, it probably is. Take a moment before acting.
  4. Know the red flags: Urgent tone, secrecy, gift card requests, or payment via unusual means are all classic scam indicators.
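The same red flags can be checked automatically when mail arrives. The Python below is an added example, not part of the original article. The company domain, the executive list, the keyword patterns and the sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

COMPANY_DOMAIN = "example-company.test"   # assumption: the organisation's real mail domain
EXECUTIVES = {"jesmond bonello"}          # assumption: names attackers are likely to impersonate
RED_FLAGS = {                             # tip 4: wording typical of gift-card BEC
    "gift card request": re.compile(r"\b(gift\s?cards?|vouchers?|steam|razer)\b", re.I),
    "urgency": re.compile(r"\b(urgent(ly)?|asap|right away|immediately)\b", re.I),
    "secrecy or unreachable sender": re.compile(
        r"\b(surprise|keep (this|it) (quiet|between us)|only way to reach)\b", re.I),
    "unusual payment": re.compile(r"\b(pay( for (it|them))? upfront|reimburse)\b", re.I),
}

def domain_of(header_value):
    """Return (display name, lower-cased domain) from an address header."""
    name, addr = parseaddr(str(header_value))
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def bec_flags(raw_message):
    """List the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, sender_domain = domain_of(msg.get("From", ""))
    flags = []
    # Tip 1: a senior colleague's name attached to a non-company address.
    if name in EXECUTIVES and sender_domain != COMPANY_DOMAIN:
        flags.append("executive display name on external address")
    # Spoofed sender: replies are silently routed to a different domain.
    _, reply_domain = domain_of(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != sender_domain:
        flags.append("reply-to leaves sender domain")
    part = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (part.get_content() if part else "")
    flags += [label for label, pattern in RED_FLAGS.items() if pattern.search(text)]
    return flags

# Constructed sample modelled on the request described in this article.
SAMPLE = """\
From: Jesmond Bonello <md.office@mailbox.example>
To: new.hire@example-company.test
Subject: Quick favour

I am stuck in meetings all day, so email is the only way to reach me.
Please buy Steam vouchers worth 100 euro each as a surprise for the team.
Pay upfront and finance will reimburse you.
"""

if __name__ == "__main__":
    print(bec_flags(SAMPLE))
```

A message that raises any of these flags is a candidate for an external-sender banner or a hold for review, not proof of fraud; the phone call in tip 2 remains the deciding check.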

Scammed on day two, writing about it on day three – not exactly how I imagined my first week. But despite the panic and embarrassment, the support I received from the Content House team was incredible. Jesmond himself reassured me: if the bank and Visa don’t reimburse me (a process already underway), the company will cover the loss.

A €200 mistake and a bruised ego later, I might’ve just learned one of the most important lessons of my career. And if sharing this story helps even one other person avoid the same fate, then maybe it was worth it.


Written By

Adel Montanaro

Adel Montanaro is a storyteller at heart, combining a journalist’s curiosity with a deep love for music and creativity. When she’s not chasing the next great story, you’ll find her at a local gig, brainstorming fresh ideas, or surrounded by her favourite people and pets.