Email phishing volumes have increased, and with them so has the use of social engineering within those messages. One such social engineering method is impersonation. Impersonation is exactly what it sounds like. The cybercriminal sends you an email that appears to be from a high-ranking or trusted member of the company (typically the CEO), requesting that you take action. The gift card scam is one of the most popular impersonation approaches that we see.

Typically, the call-to-action in the initial email is to reply with your mobile phone number so the CEO (aka the cybercriminal) can send you an urgent text message.  Once this is done, the cybercriminal texts you a message that typically indicates they have approved an expenditure to purchase gift cards for clients and they need YOU to go purchase gift cards as soon as possible.  Of course, you’ll be reimbursed!

Once you have made the purchase, they request that you text the codes from the gift cards to them so they can send them to the clients. Usually, when successful, this scam yields THOUSANDS of dollars at a time and there is no way to completely recover those funds because they are spent as soon as they are received.

While this may seem like something you might easily flag as malicious, it’s startling how many people continue to be tricked by this method.  The best way to combat scams such as this is to ensure your teams are trained properly to identify and stop these attacks before the damage is done.

For more information on how to train your teams, check out our Cyber Security Awareness and Training program. Our clients are seeing great results from this program.