Posts

Protecting Yourself from Gift Card Scams

It doesn’t matter what the occasion is, gift cards are a popular gift. However, if you are giving them, or getting them, you could be part of a scam. There are more gift card scams out there than you might think, and it includes both digital and physical cards.

gift cardIt doesn’t matter where you get the card, here are two ways that scammers use them to make money:

The “Assistant Gift Card Scam”

Small businesses are often the target of the assistant gift card scam. We see this a lot in the financial services industry, or really any other industry where you have a service professional who has assistant that manages administrative tasks.

The scam works like this: the scammer scopes out the service professionals website, he might make a phone call or send an email seeking out a secretary or assistant, and then reaches out to that assistant usually via email or even text, spoofing the communication medium and posing as the service professional.

In that communication, the criminal posing as the service professional requests the administrator go out and buy five gift cards for clients and to send pictures of the gift cards with the activation codes on the back scratched off.

Once the criminal receives the photos with the codes, he immediately cashes them in.

The best way to prevent this, is always by getting on the telephone and calling your boss to make sure that the request for gift cards is a legitimate one.

Using a Gift Card to Transform it to Cash

If you get a $200 gift card to a store, and then it’s stolen, it’s like you have lost money. It’s essentially the same as if someone stole $200 from your pocket. You might be wondering how a scammer can turn a gift card into cash. Here’s how it works:

  • The thief takes a gift card out of your gym locker.
  • Instead of using it it at the store, he puts an ad online offering it at a $50 discount saying he’s in a rough spot and needs cash.
  • Someone takes him up on the offer and sends him $150 via Venmo.
  • The thief then goes and uses the gift card at the store. He takes the item he bought and sells it on eBay….and never ships the card to the person who bought it.
  • So now, he has the $150 plus the cash he got from selling the item he bought.

Infiltrating Gift Card Accounts Online

Another way that a thief can scam people by using gift cards is by taking advantage of software. They use a botnet which is also a robot network of computers design to hack, to gain access to an online gift card account. Here’s how it works:

  • You log into your gift card account.
  • The botnet also tries to log into your account. They randomly keep trying until they guess the password/code.
  • Though it’s not guaranteed, the botnet could guess the password/code for your gift card, and if it does, you can say goodbye to the balance.

Protecting Yourself from Gift Card Scams

  • Don’t believe everything you read online. If a deal is too good to be true, it probably is.
  • Anytime a service professional requests a straighter buy a bunch of gift cards, get on the phone and talk to that person directly to confirm the legitimacy of the request.
  • Buy a gift card straight from the source, not from a random Facebook ad.
  • Don’t buy any gift cards at a high traffic location as it’s easy for scammers to hide their scam.
  • Change the security code of the card if you can.
  • If you have access to an online account, change your password and username.
  • As soon as you suspect something fraudulent is going on, report it.
  • Spend the money on the card as quickly as possible.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

Gift Card Scams: What You Need to Know

You might not realize it, but hackers are making a ton of money thanks to phishing attacks, and now they have started to focus on gift cards. Scarlet Widow, which is a notorious scam group out of Nigeria, has really been boosting its efforts to romance scam people and using gift cards. The group is typically focused on people in the US and UK, and is also well known for tax scams, and rental scams.

Gift Card ScamsAre you a person who is at risk of being scammed by a group like Scarlet Widow? The group generally focuses on large or medium sized businesses including non-profits, such as the Boy Scouts of America, the United Way, and the YMCA. The scammers work by sending staff members emails, and though most people notice immediately that these emails are actually scams, it only takes one email to put a company at risk.

Common Targets

From around November of 2017 to today, Scarlet Widow has been targeting thousands of people and non-profits. It is also targeting the tax and education industries. Remember, the group only wins if they get access to email addresses from these organization, and they might put malware into the systems or use phishing links. Honestly, it doesn’t matter what method the hackers use, once they are in, the scam begins.

What is the Scam? 

So, what is the scam? Scarlet Widow tends to use traditional scams, but these days, the group has started using gift card scams. When we look at data from late 2018, we see that more than 25% of people who were scammed during that year said that they were victims of gift card scams.

The thing is, scammers really love this type of scam because they have fast access to cash, they can do it all anonymously, and once the scam is done, it is very hard to fix. Basically, all the scammer has to do is sweet talk their way into having someone buy a gift car, taking a photo of it, and they now have the money that was on it.

Typically, Scarlet Widow asked for iTunes or Google Play cards, but they have also been known to ask for gift cards from place like Walgreens, Target, or CVS. You might think it’s a bit strange that these people could actually con others to pay for services like cell phone service with a Visa gift card but remember…these are experts at manipulating people.

They often come up with a story about a sense of urgency, like this amazing deal will expire in three hours, and people actually fall for it. One example of this is an administrator from a financial advisory company I’ve worked with actually sent a scammer $1500 in iTunes gift cards. Why did she do it? She was duped into thinking the email was coming from the head of the finance department in the company she worked for.

One way to get a hold on this is to set up some type of security awareness training, but I even know someone in the industry who fell for it. It was an assistant of a security awareness trainer. She got an email that she believed was from her boss. It asked for five $500 Apple gift cards, which were going to be sent to their top five clients. So, the assistant went to Walgreens, bought five cards, and then, just as the email said, she scratched them to reveal the codes, took photos, and sent them back to her boss.  Except, it wasn’t her boss…it was a scammer who was now $2500 richer.

There are some limits to what scammers can do with gift cards, but they will do anything they can to get more money coming into their pockets. So, if you ever get a request for a gift card, be smart and use a ton of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity and Personal Protection security awareness training program.

Gift Cards: The Newest Scam that You Should Be Aware of

Hackers are making a lot of money thanks to phishing attacks these days, and now they are also focusing on gift card scams. One of the most notorious scam groups, Scarlet Widow, which is out of Nigeria, has been boosting its efforts to scam people with gift cards since 2015. This group generally focuses on people in the UK and US and also is known for tax scams, romance scams, and rental cons.

Are you at risk of getting scammed by Scarlet Widow? The group generally focuses on medium to large US businesses and nonprofits including the United Way, Boy Scouts of American, and YMCA chapter. The scammers send emails to employees of these organizations, and though most people understand that the emails are, indeed, scams, it only takes one person to put your organization at risk.

The Targets

From November 2017 to the present, Scarlet Widow has targeted thousands of nonprofits and individuals. It also targets the education industry and tax industry. Scarlet Widow only succeeds by getting access to these organizations’ email accounts. They might put malware in the emails or use malicious phishing links. Either way, eventually, these people are going to be able to scam the organizations.

The Scam

Though traditional phishing scams work for Scarlet Widow, it is really focusing on the gift card scam these days. In October 2018, more than a quarter of people who have been scammed during the year said that they were victims of a gift card scam. Scammers love these because they can get the cash quickly, they can be anonymous, and it’s very difficult to reverse. All the scammers have to do is convince someone to buy a gift card, then send them a photo, and they can take the money that is on there.

Scarlet Widow generally focuses on Google Play and iTunes gift cards, but other scammers will ask for cards from places like Target, Walgreens, or CVS. You might think it sounds strange that these people could con others into paying for business services with gift cards but remember…these scammers are experts at manipulation. They will certainly come up with some story with a sense of urgency, and people fall for it all of the time. For instance, there was an administrator in Australia who sent a scammer $1,800 in iTunes gift cards. The email she got seemed as if it was from the head of the finance department, so she believed it was legitimate. However, it was just a scammer.

A security awareness training financial advisor client of mine was conned too. Actually it was his assistant. She received an email that looked like it was coming from him requesting 5 $500.00 Apple gift cards to send to their top 5 clients. She went right out to Walgreens, bought 5 cards and the instructions were to scratch off back to reveal the codes and email pictures of the cards and codes back to him. Which she did. And then the scammers disappeared.

Though there are limitations to scammers using gift cards, these nefarious groups will use any method they can think of to get more money funneling in. So, if you ever get a request from a contractor or organization leader asking for a gift card, use an extreme amount of caution.

ROBERT SICILIANO CSP, is a #1 Best Selling Amazon author, CEO of CreditParent.com, the architect of the CSI Protection certification; a Cyber Social and Identity Protection security awareness training program.

Protect Yourself From Gift Card Scams

So maybe Christmas now means the very predictable gift card swap, but hey, who can’t use a gift card? But beware, there are a ton of scams. This includes physical, not just digital, gift cards.

Regardless of who gave you the card, you should always practice security measures. Below are two common ways that fraudsters operate.

Transform Gift Card to Cash Twice.

If someone gives you a $200 gift card to an electronics store and then it’s stolen, you technically have lost money, as this is the same as someone stealing a wad of cash from your pocket.

Nevertheless, you’ll feel the loss just as much. Crooks who steal gift cards have numerous ways of using them.

  • Joe Thief has plans on buying a $200 item with your stolen gift card from your gym locker.
  • But first he places an ad for the card online, pricing it at a big discount of $130 saying he doesn’t need anything, he just needs money.
  • Someone out there spots this deal and sends Joe the money via PayPal or Venmo.
  • Joe then uses the $200 gift card to buy an item and sells it on eBay
  • And he just netted $130 on selling a stolen gift card that he never shipped.

Infiltration of Online Gift Card Accounts

Joe Thief might also use a computer program called a botnet to get into an online gift card account.

  • You must log into your gift card account with characters.
  • Botnets also log into these accounts. Botnets are sent by Joe Thief to randomly guess your login characters with a brute force attack: a computerized creation of different permutations of numbers and letters – by the millions in a single attack.
  • The botnet just might get a hit – yours.

Here’s How to Protect Yourself

  • Be leery of deals posted online, in magazines or in person that seem too good to be true and are not advertised by reputable retailers.
  • Buy gift cards straight from the source.
  • Don’t buy gift cards at high traffic locations, at which it’s easier for Joe to conceal his tampering.
  • Change the card’s security code.
  • Create long and jumbled usernames and passwords to lessen the chance of a brute force hit.
  • The moment you suspect fraudulent activity, report it to the retailer.
  • Spend the card right away.

Robert Siciliano personal security and identity theft expert and speaker is the author of Identity Theft Privacy: Security Protection and Fraud Prevention: Your Guide to Protecting Yourself from Identity Theft and Computer Fraud. See him knock’em dead in this Security Awareness Training video.