Blog

Blog

Phishing alert! Gift card scam impersonates your supervisor

By: C Spire on Feb 22, 2022 10:41:51 AM

Phishing alert Feb 2022

If you’ve received a message from your boss requesting a gift card, it’s probably a phishing attempt. “We’re seeing a rise in gift card scams,” says Conrad Bell, Chief Information Security Officer at C Spire. “Hackers send people emails or text messages in which they pretend to be a supervisor or a senior executive. They trick employees into buying gift cards and sending them the activation codes.” Once the codes are sent, the money is gone.

According to the Federal Trade Commission, nearly 40,000 people reported losing $148 million in gift card scams in 2021. And it’s only getting worse in 2022.

Ask the Authority podcast: The road to compliance >>

“Remember,” says Bell, “Your boss does not need gift cards.” And if anyone asks you to pay for something with a gift card, it’s a scam. Gift cards are for gifts, not payments. 

How does the scam work?

STEP 1. The scammer scours the Internet for names and emails of a company's high-ranking supervisors. Corporate websites and LinkedIn are sources for a lot of this information. Job titles, telephone numbers and other important information about the company help disguise malicious requests.

STEP 2.  The hacker then targets the supervisor's business account through a variety of tactics. They often spoof the supervisor’s email domain in a way that's difficult to notice. For example, boss@company.com is changed to boss@c0mpany.com. Sometimes they create a fake personal email address through Gmail, Yahoo or another service. They can also spoof a phone number from your area to send a text message.

STEP 3. The request is sent to an employee, asking them to buy gift cards for a random reason and send the gift card numbers and PIN code back via email or text.

What should you do?

  1. If you get a message from a colleague asking you about gift cards, reach out to the sender in a separate email or call them to check if they actually sent the request.
  2. Do not reply to the email or use any contact information provided in the email. Attackers will often provide fake numbers or email addresses that they control.
  3. If you discover the email is a phish, report it to your manager and reportfraud.ftc.gov

Network security guide image-1DOWNLOAD: 6 steps to help secure your business network >>

 

 

Topics: phishing attack, cybersecurity, C Spire AuthorITy


C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at cspire.com/news. For more information, visit cspire.com or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.

New call-to-action
Microsoft 365 Free One Month Trial
Cisco Webex Learn More

Sign up for our monthly newsletter

For the latest in technology trends, industry news, and C Spire updates.

Recent Posts