Gift Card Scams are Decreasing in Light of Other Business Email Compromise Scams

New data from email security vendor Agari shows Business Email Compromise (BEC) attacks shifting tactics last quarter, in favor of scams resulting in larger payouts.

BEC scams are among the easiest scams to initiate, as they require only an email list, a way to send email, and some good social engineering skills. And, according to Agari’s Q4 2019: Email Fraud & Identity Deception Trends report, cybercriminals are shifting their focus toward the scams that pay out bigger returns.

According to the report, gift card scams, which reign as the undisputed leader in BEC scam quantity, saw a 9% decrease in Q3, from 65% of all BEC scams to 56%. That decrease was offset by increases in both payroll diversion (at 25%, up from 20% last quarter) and direct transfer scams (at 19%, up from 15% last quarter).

The report points out that one possible reason is the payout. According to the report, the average take for a gift card scam is around $1,571. In contrast, the average take for a wire transfer is over $52,000!

Regardless of the payout, organizations need to ensure employees don’t fall for these scams. Some of the common telltale signs are:

  • Use of free webmail accounts – according to Agari, 54% of BEC attacks were sent from these accounts.
  • Use of lookalike domains – 40% of all BEC attacks used domains made to look similar to known and established domain names.
  • Targeting of specific roles – HR employees are the obvious target for payroll diversion scams. Direct transfer scams target members of Finance or Accounting. And gift card scams tend to focus on individuals in lower-level roles who interact directly with a member of the executive team.
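
The first two telltale signs can be checked mechanically during mail triage. The Python below is an added example, not code from Agari or KnowBe4; the trusted-domain list, webmail list, homoglyph table, distance threshold and sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration (constructed, not from the report):
TRUSTED_DOMAINS = ("example.com", "example-bank.com")  # domains your org really uses
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MAX_DISTANCE = 2  # tune per domain length; short domains need a lower threshold

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalize(domain):
    """Collapse common visual substitutions (digits, 'rn' for 'm', 'vv' for 'w')."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")

def sender_flags(raw_message):
    """Return the telltale signs found in the From header of one message."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if not domain or domain in TRUSTED_DOMAINS:
        return []
    if domain in FREE_WEBMAIL:
        return ["free-webmail"]
    for trusted in TRUSTED_DOMAINS:
        if (normalize(domain) == normalize(trusted)
                or edit_distance(domain, trusted) <= MAX_DISTANCE):
            return ["lookalike:" + trusted]
    return []

# Constructed sample messages (not real mail).
SAMPLES = {
    "webmail": "From: \"Pat Lee (CEO)\" <pat.lee.ceo@gmail.com>\nSubject: Quick task\n\nAre you at your desk?",
    "lookalike": "From: Pat Lee <pat.lee@examp1e.com>\nSubject: Updated bank details\n\nSee attached.",
    "homoglyph": "From: Payroll <hr@exarnple-bank.com>\nSubject: Direct deposit change\n\nPlease update.",
    "legit": "From: Pat Lee <pat.lee@example.com>\nSubject: Agenda\n\nAttached.",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_flags(raw))
```

A flag from this check is a reason to verify the request through a second channel, not proof of fraud: legitimate contacts also use webmail, and unrelated domains can fall within the distance threshold.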

Users need to be educated on these kinds of scams via continual Security Awareness Training so they can easily spot suspicious content in email and on the web, and be able to navigate around a scam without falling for it.

Don’t get hacked by social media phishing attacks!

Many of your users are active on Facebook, LinkedIn, and Twitter. The bad guys use these platforms to scrape profile information of your users and organization to create targeted spear phishing campaigns in an attempt to hijack accounts, damage your organization's reputation, or gain access to your network.

KnowBe4’s Social Media Phishing Test is a complimentary IT security tool that helps you identify which users in your organization are vulnerable to these types of phishing attacks that could put your users and organization at risk.

Here's how the Social Media Phishing Test works:

  • Immediately start your test with your choice of three social media phishing templates
  • Choose the corresponding landing page your users see after they click
  • Show users which red flags they missed or send them to a fake login page
  • Get a PDF emailed to you in 24 hours with your percentage of clicks and data entered
