Gift Card Spear Phishing Scams

Overview

Spear phishing is a form of phishing that targets people with close access to authority figures. The scammer collects personal info about their targets from publicly-available materials including websites, social media, and past data breaches. The scammer then uses this info against targets to fool them into allowing access to information or resources.

Gift Card Spear Phishing

Gift card spear phishing is a specific scam in which a criminal --  knowing that organizations often purchase gift cards as rewards -- impersonates a high-level individual such as a CEO, demanding a subordinate purchase gift cards quickly on his/her behalf.

The urgency of the email, combined with the authority figure making the demand, puts social pressure on the subordinate to obey the request. After the gift cards are purchased, typically the scammer will demand serial numbers of each card, in order to spend the balances online.

Tips for Identifying Gift Card Spear Phishing

Unfortunately, you can't prevent scammers from targeting you. However, you can prevent yourself from becoming their victim. Read more tips for identifying phishing attempts.

  • Typically, the scammer sends you an email posing as a boss/colleague, attempting to grab your attention. Always check with the sender in person or on the phone to verify the validity of the request.
  • Check the email's From: address -- it is probably phony. Even if it is correct, you still shouldn't let your guard down. The sender's account could be compromised!
  • Be suspicious of email messages that have an air of urgency to them. Never let anyone persuade you to make a decision immediately. There is always enough time to verify a claim using reliable sources.
  • If you are asked to share personal info, account information or finances, cease contact with the sender and immediately report it to IT.

Help! I think I was Phished!

Immediately report the incident to IT by submitting an IT Security Incident form.  Follow the steps on that page to foward the full email to IT so that they can review the incident.

 

Print Article

Details

Article ID: 70566
Created
Tue 1/22/19 10:54 AM
Modified
Wed 1/30/19 11:27 AM
Audience
Employees
Students

Related Articles (1)

A compromised account is one accessed by a person not authorized to use the account.

Related Services / Offerings (1)

If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to IT.