Cybercriminals will take advantage of any major news story if there’s a way to make money from it. But sometimes, the scam just gets a little too odd to believe.
Nothing says “let me help you rebuild your life after losing everything to a wildfire” like Google Play cards, right? But scammers recently tried to take advantage of those wanting to assist wildfire victims by asking users to purchase Google Play cards and give up the redemption codes on the back.
At least the bad guys in this scam tried to impersonate the CEO of the targeted organization. That means they’ve either done some investigative work to identify their targets, or used a service that does this.
The emails are sent from the “CEO” to specific employees asking for four $500 Google Play cards.
While it does seem a bit ludicrous, if you’re not familiar with Google Play and how its cards work, it’s not impossible for this scam to work. Employees trying to work quickly and address any and all requests from the CEO may simply do what is asked of them. CEO impersonation is a common and effective social engineering tactic used in phishing attacks.
While this particular phishing scam may not be the most compelling, it represents just one more attack in the unending string of phishing emails used to trick your users into doing an attacker’s evil bidding. Empowering users with Security Awareness Training helps them spot emails and web content with malicious intent, reducing the likelihood of the user, and therefore the organization, falling victim to a scam that can cost the organization dearly.