The holidays are just around the corner and in the world of cybersecurity that means gift card scams will start hitting inboxes.
This year is especially dangerous because those imposter emails related to the holidays will also be mixed in with the COVID phishing scams that began earlier this year.
These scams can take on all sorts of forms and they’re designed to get around normal cybersecurity measuresby going right to the users and trying to trick them into purchasing and sending gift cards.
Gift cards are a popular scam item because they’re used by a majority of consumers and they’re untraceable. A scammer can spend them without worrying about their identity being tied to the card.
According to the National Retail Federation, 54% of consumers will give gift cards over the holiday season.
It’s not only popular to give gift cards to friends and family, they’re often used in business as a gift for long-time customers, employees, and vendors. This is why employees will often become victims of gift card scams through imposter emails.
The gift card scam is a favorite of cybercriminals because it brings an instant payout. Rather than them having to steal data to sell on the Dark Web to see a payday, they can spend an emailed gift card immediately.
Popular Fake Gift Card Emails to Watch Out For
Providing employee awareness training in cybersecurity is a vital part of any overall IT security strategy. This includes a reminder of those phishing emails and scams that tend to be seasonal, like ones associated with gift cards.
Being aware of what to watch out for goes a long way towards keeping your business safe and helping your employees and administrators avoid being scammed out of money.
In nearly all the cases, the scammer won’t need the gift card physically. They may ask for the gift card number and the PIN on the back of the card, or simply to have an electronic gift card sent via email or text.
Here are two of the top imposter emails being used to try to get people to purchase gift cards under false pretenses.
Scam Targeting Worshipers
One scam that the Federal Trade Commission (FTC) has warned people about is one targeted at worshipers.
In this scam the email will appear to come from a religious leader, like a rabbi, priest, imam, or pastor. It will claim to be seeking gift card donations for some type of charity or “worthy cause.”
This scam usually comes via email but can also come via text message. The types of cards usually requested include iTunes, Amazon, or Google Play.
The scam plays on the fact that people tend to want to give to charity during the holiday season and if they think the request is coming from a religious leader, they’re most likely to trust the request.
Supervisor Request to Purchase Gift Cards
Another popular take on this scam is to spoof the email and signature of someone in an organization, preferably someone in a management position. This type of information can easily be found by scammers on sites like LinkedIn or on a company’s website.
An employee then receives an urgent request that they purchase gift cards for a client/employee team, etc., and it will often include a note from the requestor that they’ll “be in a meeting” and can’t be reached for a few hours.
It can look something like this:
“Dear Sue, I’m on my way to customer appointments and I completely forgot to have gift cards purchased as customer appreciation. Can you please buy five $100 gift cards from Amazon and then email me the numbers urgently? I’ll reimburse you when I’m back. I’m about to step into a meeting so I won’t be available by phone and need these within the hour.”
The scam uses urgency and the tactic of not being available for a confirmation call to trick the employee into acting on impulse to get the requested task done.
How to Avoid Falling for Gift Card Scams
Here are some tips to help employees spot gift card scams and avoid falling prey:
- Don’t trust the “display name” or “from” email address, in a questionable message, these can be spoofed by spammers.
- Double check with the person that requested the gift cards by phone or in person (even if they said they would be unavailable, which is a common scammer ploy).
- Put systems in place to require more than one person to sign-off on gift card purchases, that double check can help staff avoid scams.
- Be wary of any requests to purchase gift cards that use urgency (“I have to have this in an hour”) as this is often done to get people to react without thinking first.
Get Free Cybersecurity Awareness Training for Your Team
ProdigyTeks can help your Chicago area business get your employees ready for the holiday scams as well as hone their skills to spot all types of phishing attacks.
Schedule a free training today! Call 312-600-8357 or reach us online.