It’s safe to say that most of us have purchased a gift card or two.  They’re convenient and give the recipient the choice to use as they wish.  They also provide a handy way for cybercriminals to steal money, which is why gift card scams are so common.

Gift cards were invented in 1994 by luxury retailer Neiman Marcus, though they did not advertise them.  It wasn’t until Blockbuster displayed gift cards in their stores (due to their paper gift certificates being counterfeited) that the idea took off and swept retailers across the country.

Fast forward 25 years to 2019.  With cards available from virtually every retailer, the popular gift card business has become a huge opportunity for email scammers.  The risk happens year-round, not just at the holidays.  Many scammers are targeting business emails to trick the recipient into sending gift cards to the attackers, even specifying a particular gift card brand (ex. iTunes).  By the end of 2018, 25% of people who reported losing money to a scam lost it through gift cards, compared to 7% in 2015.

Gift card requests have replaced wire transfer demands in forms of payment to scammers. Why? They’re easy, quick and virtually non-traceable.  Once the scammers receive the code from the back of the card, the money is gone as is any real chance of tracing the transaction.  Unfortunately, you or your company may have lost a considerable amount of money in a matter of minutes.

Who is a Target?

Anyone can be a target.  No business (or individual) is immune to these attacks.  Small and large businesses, non-profit organizations and churches can all be victims of this scam.  You may even receive them in your personal email.  Cybercriminals are very good at impersonating trusted businesses, friends and even family.

How Do Gift Card Scams Work?

  • The email will usually impersonate the CEO, CFO or other executive within the organization and may be sent to one or more recipients. In many cases, the email indicates it is “Sent from my iPad” or “Sent from my iPhone” which creates a sense of urgency.
  • Targets tend to be office managers, executive assistants, and other staff members. The email will ask the recipient to do them a quick favor, keep it confidential, reply (to the scammer) and purchase a number of gift cards in certain dollar amounts.  The purchase amount can total hundreds or thousands of dollars.  Specific purchase instructions are usually detailed in the email.
  • From there, the victim will be asked to scratch off the back of each card to show the pin, scan the card, then send pictures of the scanned cards. That’s all the scammer needs to make purchases online.

How to Avoid Becoming a Victim

Most email filters are very good at catching spam.  However, filters can’t pick up all these types of attacks in part because they don’t contain any obvious malicious signals.  For example, gift card scam emails don’t usually include attachments or risky links.  They’re often sent from trusted email domains, to make the recipients feel comfortable making the purchase.  So, it’s up to you.

Here’s the best way to avoid becoming a victim and save your money and time:

  • STOP and do not respond to the email or click on any links within the email. Be aware of how the email is written because scammers often use suspect language. If the tone and grammar sound unusual for your business, it’s likely a scam.
  • CONTACT the individual from within your organization that “sent” the email to determine its validity; do this via phone, in-person or a separate email.
  • ALERT others within your organization of the scam email; it may have been sent to more than one person.
  • MAKE sure you delete the email.

Gift card scams are here to stay, at least for now.  Contact us if you would like to know more about how CRU Solutions can help keep your business safer.