[Keep An Eye Out] Beware of New Holiday Gift Card Scams



Roger Grimes KnowBe4 Holiday ScamsEvery holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something. The gift card market is estimated in the many hundreds of BILLIONS of dollars. Who doesn’t like to get a free gift card?

Unfortunately, scammers often use gift cards as a way to steal value from their victims. There are dozens of ways gift cards can be used by scammers to steal money, but here are the top three: 

 

You Need to Pay a Bill Using Gift Cards

A very common scam is someone contacting a potential victim, often using a voice-based telephone call (but it can also be done via text message or email), saying either that the victim’s regular payment to some trusted service has been declined or that there is a new emergency charge. A good example of the former is a scamming calling and posing as the victim’s electric company. They will say that the victim’s regular electricity payment was declined and that the victim’s electricity will be cut off in hours unless they go to the store and pay the bill using gift cards. Who would pay an electricity bill using gift cards? You’d be surprised. The list of victims is a Who’s Who of doctors, lawyers, and even law enforcement. People who previously thought they were too savvy to get scammed are often on the victim list.

A good example of the latter scam is someone calling claiming they are the IRS or law enforcement and claiming the victim owes some previously unknown fine, and if the victim doesn’t pay immediately, the victim will be arrested. Who would believe that the IRS or the police would accept gift cards for a fine? Again, a higher percentage than you might think. 

I’ve interviewed a bunch of these types of gift card victims and found all of them to be fairly knowledgeable, smart, people, who thought they would usually be able to spot a scam from a mile away. They just got surprised by the scam contact at an inopportune moment and either their busy lives or some other unrelated circumstance made them think the scam was real. Anyone can become a victim to a scam if approached at the wrong time in their lives with the right scam.

How to prevent? If anyone contacts you asking for an emergency payment, especially using gift cards, there’s a very high likelihood that the request is fraudulent. You can take the caller’s contact details, if they are willing to give them. Usually, they will hang up right away if asked for contact information. Either way, contact the organization that is being claimed on a known good telephone number or email address and ask how you can verify if the request is real. If the request is real, the legitimate organization will get you through to their billing department to confirm the request and pay the bill.

Maliciously Modified Gift Cards in Stores

In this scam, fraudsters steal department store gift cards, learn their secret PIN information, and then replace back onto the shelves to await a victim. When the victim purchases the previously tampered with card and activates it, the fraudster is often able to spend the gift cards value faster than the victim. The fraudster can call the store’s gift card line over and over to verify when the gift card is activated and what value is left on the card.

How to prevent? Look for signs of tampering when you buy a gift card. Some people say to pick gift cards from the end of the stack, but that’s assuming that the fraudsters will always place the tampered gift cards up front and that the store’s staff didn’t rearrange them when restocking new gift cards. Know that all the big vendors using gift cards are aware of these scams and many will offer a way for you to protect yourself against this type of scam and some may even reimburse you if you are out money.

Phish You For Information to Supposedly Get a Gift Card

This is a big scam, especially around the holidays. “Win a free $100 Amazon Gift Card!” is a common ploy. They will either ask you for personal identifiable information, such as your social security or bank account information or ask you to download and run a file to “transfer” the gift card to you. The problem with this type of phishing scam is that there are thousands of legitimate scenarios where anyone can win a free gift card. 

You can spot these types of scams because they randomly appear in email or a text message and even though they claim to be from a major trusted brand, the gift card URL, phone number, or email address is not. Again, this can be tricky, because many legitimate organizations outsource real free gift cards to external third parties. The URLs, phone numbers, and email addresses you see may not be directly linked to the real legitimate vendor. 

One good way to detect these scams is when the offer is just too good to be true. For example, they offer a free iPhone or $100 just for answering 5 easy questions. A real gift card worth $100 is usually going to require a substantial time commitment or large purchase at a legitimate web site. If the offer seems too good to be true, it’s likely too good to be true.

If someone contacts you and says you need to immediately pay a bill using a gift card, it’s usually a scam. In general, there are a ton of gift card scams. If you can’t absolutely, 100% verify that the gift card request or reward is real, or that a card hasn’t been tampered with, just ignore them. Buying or winning a possible $100 gift card isn’t worth possibly losing your bank account and personal information. When in doubt, chicken out.

The FTC offers this advice about gift card scams here.


Get Your Free 2024 Holiday Security Awareness Resource Kit

It’s not just you and your organization getting busier during the holiday season. Cybercriminals are also working overtime! This makes one of the busiest times of year one of the most important times for your employees to stay vigilant against cybersecurity threats.

That's why we put together this resource kit to help ensure cybercriminals’ extra effort this season is for nothing! Use these resources to help your users make smarter security decisions every day.

Holiday-Resource-Kit-2024Here's what you'll get:

  • New! The Gift of Awareness: Holiday Cybersecurity Essentials training module
  • Two free holiday training modules, available in multiple languages
  • Security documents and digital signage to reinforce the free modules included in the kit to share with your users
  • Newsletters about holiday shopping and travel safety for your users
  • Resources for you to help with security planning for the upcoming year

Get Your Free Resource Kit Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://info.knowbe4.com/free-holiday-resource-kit



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews