Gift cards, bonuses and incentives are very popular throughout the end of the calendar year and in the opening months of the new year. Unfortunately, scammers are well aware of this, and they’re looking to cash in. As a result, companies are more vulnerable to Business Email Compromise (BEC) scams.

A BEC scam that has been seeing an increase in popularity recently involves gift cards. The scam typically starts with a spoofed email from an executive of the company telling an employee to purchase gift cards that the executive can give away. The employee is told to send the gift card information including the number and PIN back to the executive. The fraudster acting as the executive will then cash out the value before anyone recognizes the problem. Typically these types of scams will extend to requests for wire or ACH payments, but the fraudsters are taking advantage of the holidays by going after gift cards.

Whether the fraudster has obtained compromised credentials or is using a targeted attack (social engineering, phishing, etc.) the steps below will help to protect your credentials and give you some keys for identifying suspicious emails.

Steps for identifying fraudulent emails:

  • Look at the email header of the sender. Keep an eye out for email addresses that look similar to, but not the same as the ones used by your work supervisors or peers.
  • Watch out for grammatical errors or odd phrasing.
  • Notice language that tries to pressure you to purchase the cards quickly.
  • Don’t rely on email alone. Double check the request with a phone call or in person discussion.

Steps for keeping your credentials secure:

  • Invest in annual cybersecurity training program for your employees.
  • Include cybersecurity training as part of a new employees onboarding process.
  • Assess the risk of your company and determine potential weaknesses in the control environment.
  • Implement multifactor authentication
  • Ensure that password controls and requirements meet industry standards.
  • Leverage monitoring tools for identifying compromised credentials.

Contact Us

The Barnes Dennig Technology Team is happy to chat with you (at no cost to you) to help you better understand data security and how you can best protect your assets. Contact us here or call 513-241-8313 with any questions.