Watch for Gift Card Email Scam Striking Small Businesses
Everyday employees are being duped into buying and electronically sending Amazon and Google Play gift cards to scammers. The scammer impersonates an authority figure by creating an email domain and address that resemble those of the CEO or another ranking manager of the victim organization. The attacker emails one or more employees from the “high-ranking manager’s” account and asks the victim to (quickly) purchase gift cards for immediate electronic distribution. One known victim was asked to purchase physical Amazon gift cards from a brick-and-mortar store, scratch off the codes, photograph $1,500 worth of cards, and send the photo back to the manager. In the second recent scam, the imposter posed as the CEO and asked a lower-level colleague to purchase Google Play gift cards online and email the codes back.
In both cases, poor grammar and bogus email addresses were noted in retrospect. A screenshot of one of the emails is below. Read from the bottom up and notice a) the bogus email address and b) the misspelling of Walgreen’s. The name of the (impersonated) manager has been hidden.
It’s important that organizations educate employees and raise awareness of cyberscams, especially during National Cyber Security Awareness Month. For instance:
- Be skeptical of any request to send or spend money, especially if it’s unexpected
- Check the email address, not just the name, for authenticity
- Phone the requester to confirm the request is authentic. If they’re calling you, hang up and call them back at their normal number.
- Report phishy emails or phone calls to your IT / Security department
- Know that it’s OK to say “No”
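For IT and security teams, the "check the email address, not just the name" advice can also be automated at the mail gateway. The sketch below is an added example, not part of the original article: the organization domain, the executive name, the 0.8 similarity threshold, the keyword patterns and both sample messages are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values): the organization's domain and executive names.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan"}
GIFT_CARD = re.compile(r"\b(gift\s*cards?|google\s*play|scratch\s+off)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|asap|quick(ly)?|immediately)\b", re.I)

# Constructed sample messages, not taken from a real incident.
SCAM = (
    "From: Pat Morgan <pat.morgan@examp1e.com>\n"
    "Subject: Quick favor\n"
    "\n"
    "I need you to quickly purchase Google Play gift cards and email me the codes.\n"
)
LEGIT = (
    "From: Pat Morgan <pat.morgan@example.com>\n"
    "Subject: Q3 budget\n"
    "\n"
    "Please review the attached schedule before Friday.\n"
)

def check_message(raw):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    if domain != ORG_DOMAIN:
        # The display name is free text; compare the address domain instead.
        if " ".join(name.lower().split()) in EXECUTIVES:
            findings.append("executive display name on external address")
        # Similarity threshold of 0.8 is an assumed tuning value.
        if SequenceMatcher(None, domain, ORG_DOMAIN).ratio() >= 0.8:
            findings.append("lookalike of organization domain")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    if GIFT_CARD.search(text):
        findings.append("gift card request")
    if URGENCY.search(text):
        findings.append("urgency language")
    return findings

if __name__ == "__main__":
    for label, raw in (("scam", SCAM), ("legit", LEGIT)):
        print(label, check_message(raw))
```

A message that trips the display-name or lookalike check together with a gift card request is a good candidate for quarantine or a warning banner rather than silent delivery.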
Enabling has a Security Awareness, Reinforcement, and Training (STAR) package. It’s built for busy IT & Security teams who need a packaged user cybersecurity program. User awareness lowers the risk of social engineering mistakes leading to breaches or financial loss. Contact firstname.lastname@example.org