Scammers have a myriad of ways to get you to part with your hard earned cash, but one of the most tried and tested ways to get it is through a simple gift card. They're not only last minute Christmas presents, they're also a hackers dream - as they leave no trail, no way to track where your money has gone.
There has recently been a resurgence in these kinds of scams, and although it's not the most sophisticated kind of social engineering it's still worth covering so that you don't end up out of pocket. How it works really depends on the scammer who's running the show, but for both businesses and individuals it follows the same basic formula.
If you're getting scammed at work...
The scam will probably start with an email like the one our receptionist received. The two key things that every successful scam needs to establish are trust and urgency; the longer you have to think about what's happening, the less likely you're going to fall for a scam. And if it comes from a person or company you trust, you're always more likely to take their word for it.
In this case, the email came from one of our directors, Adam Kuznesof. The email reads,
'HI Katherine, Please confirm if you are available, I have an urgent request for you. Thanks, Adam Kuznesof.'
Immediately the sender has put themselves in a position of trust as masquerading as a director of the company, and established the urgency; the subject line is 'Quick Request!'.
After receiving a reply from Katherine, there's a second email which reads,
'I need you to run an errand for me at any store e.t.c nearby. I need Apple iTunes gift card to send to a client today. Confirm if you can handle this? Adam Kuznesof'.
Note that there's a delay in revealing the entire request - building up trust through an email thread is a common technique used by scammers. It was here that Katherine realised this was not our director at all, and so didn't care to continue the conversation.
If the victim had carried on replying, the scammer would inform them of the amount of money they want on the gift card (reportedly up to £15,000 across numerous gift cards). They'd then ask for the serial number of the card, and disappear - or repeat the trick a few more times, if they can get away with it.
If you're being scammed at home...
Admittedly, this scam is harder to pull off when you're targeted at home. With no boss to assume the authority of, the scammers have to come up with other ways of gaining your trust quickly and easily. One of the ways they can do this is by calling you, pretending to be from a government department - just like emails, hackers can fake the phone number of a group or organisation you'll recognise.
After that, they'll establish the urgency. Maybe it's tax or a bill due, but they'll be very insistent that it has to be paid right this second. Just like the scam for businesses, they'll recommend that you load money onto an iTunes gift card for security reasons, or to avoid reading your card details over the phone - there are a lot of nefarious people out there after all!
Once you've purchased the gift card, they'll want that magic number on the back so they can access the funds - and before you know it, you're off the phone and wondering what the hell just happened.
But what do scammers want with iTunes cards?
iTunes gift cards are great to sell on - you can use the serial code rather than having to meet to exchange the card itself, and scammers can often sell them at a fraction of the price they were purchased for. This can be done on the Dark Web incredibly easily, even paid for with Bitcoin or another cryptocurrency, and the seller can remain completely anonymous.
How can I avoid this scam?
The business version of this scam is easily avoided by double checking the sender's email address. Although the tag might say Adam Kuznesof, the sender address was something completely different. Also take the time to check the tone and the language used in the email - presumably, you receive emails from your boss all the time. Does this sound like a normal request? Does it remind you of the way they write? If you're not convinced, it is always worth double checking by phone - no matter what the urgency of the task is, better to ask rather than spend your company's money on thousands of pounds worth of gift cards.
The out-of-work version of this scam is a little trickier. Whereas most people will start to wonder why government departments are demanding money from them in the form of gift cards, of all things, the most vulnerable in society are at risk - particularly people who aren't as technologically savvy. If you're in doubt about a phone call you've received, always contact the department directly using their phone number (not the one that the scammer has lead you to!) and ideally using a different phone. As with all of these scams, better to be safe than sorry.
Tweet us @TranscenditUK
