We have recently been made aware of a gift card scam affecting businesses in the North East of Scotland. This is just a quick heads up to let you know what to watch out for.
This type of scam usually starts with the victim receiving a phishing email. The email will often appear to come from a senior member of staff, asking the recipient either to confirm that they are free or to send their mobile number. The email may also say not to call the sender as they are in a meeting or unavailable.
When the person responds to the email, the cybercriminal will reply asking them to purchase several gift cards, for example Amazon, Apple iTunes or eBay. They’ll be told these gift cards are for clients. So that the cards can be emailed, the cybercriminal will ask the person to scratch off the panel on the back and send the gift card details on to them.
Often this can leave someone hundreds of pounds out of pocket.
But what can we do to protect ourselves from this type of scam?
First, check the sender's email address. In the case of our client, the email address was from Gmail, which should raise alarm bells if it is supposed to be from a work colleague.
Second, the email subject line may be marked as CAUTION: EXECUTIVE SPOOFING. This means the spam filters already believe this may be an email attempting to impersonate someone in your company.
Third, look out for text in the body of the email saying EXTERNAL EMAIL: DO NOT CLICK links or attachments unless you recognize the sender and know the content is safe. If this was from a colleague using their work email address, it would not be marked as being an EXTERNAL EMAIL.
Fourth, contact the person who reportedly sent the email asking them to confirm its contents. If you do this, always use a trusted telephone number, not the one in the email.
Last but not least, you should ensure that all staff are aware that gift card fraud is real, and know how to spot red flags. Training your staff is vital: by doing so you can make them your first line of defence against an attack. Please get in touch with me directly at email@example.com if you have any questions around cyber security. I’m always happy to help.
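The first three checks above can also be run automatically over incoming mail. The Python sketch below is an added example, not part of the original advice or any mail filter's own code; the company domain, the staff name, the webmail list and the phrase list are all assumptions to replace with your own.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed values for illustration; replace with your own organisation's details.
ORG_DOMAIN = "example.com"
SENIOR_STAFF = {"jane smith"}  # display names a scammer is likely to borrow
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
LURES = ("are you free", "mobile number", "gift card", "in a meeting", "don't call")

def red_flags(raw: str) -> list[str]:
    """Return the warning signs from the article that apply to one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""

    flags = []
    # Check 1: a senior colleague's name on an address outside the company.
    if name.lower() in SENIOR_STAFF and domain != ORG_DOMAIN:
        flags.append("senior name, outside address")
    if domain in FREEMAIL:
        flags.append("free webmail sender")
    # Check 2: the tag the spam filter adds to the subject line.
    if "EXECUTIVE SPOOFING" in subject.upper():
        flags.append("spoofing tag in subject")
    # Check 3: the external-mail banner in the body.
    if "EXTERNAL EMAIL" in body.upper():
        flags.append("external banner in body")
    # Wording typical of the opening message described in the article.
    if any(lure in body.lower() for lure in LURES):
        flags.append("scam wording")
    return flags

# Constructed sample messages (not real mail).
SCAM = """\
From: Jane Smith <jane.smith.office@gmail.com>
Subject: CAUTION: EXECUTIVE SPOOFING - Quick request

EXTERNAL EMAIL: DO NOT CLICK links or attachments unless you recognize the sender.
Are you free? I'm in a meeting so don't call, just send me your mobile number.
"""
LEGIT = """\
From: Jane Smith <jane.smith@example.com>
Subject: Agenda for Monday

Agenda attached for Monday's team catch-up.
"""

if __name__ == "__main__":
    print(red_flags(SCAM))
    print(red_flags(LEGIT))
```

A message that raises several flags at once is worth holding for a phone check using a trusted number, as in the fourth step.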