Gift Card Fraud
The cybersecurity world is continually inundated with the new strains of ransomware taking down large and small businesses alike. Unfortunately, this has brought attention away from other cyber-related attacks, like ...

Or login with email
Join our subscribers list to get the latest news, updates and special offers directly in your inbox
The cybersecurity world is continually inundated with the new strains of ransomware taking down large and small businesses alike. Unfortunately, this has brought attention away from other cyber-related attacks, like Gift Card scams. The US Department of Justice announced this week the indictment of four gift card scammers and alleges these four ended up with more than 5000 fraudulently obtained cards to use for themselves.
Gift Card Scams are where cybercriminals redeem gift cards that you (or your business) paid for, either because you were convinced that those cards were designated for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dollar. These scams don’t typically require large payments as they would in Ransomware attacks, but can still add up to a notable amount. One may assume Gift Cards won’t get the criminals very far, but Gift Cards typically allow up to $200 added to each card. With that said, the crooks scammed 5,000 cards, which in theory could’ve added up to $1 Million. It’s a large number that can certainly affect businesses, especially smaller to mid-size companies.
Cyber crooks frequently use social engineering tactics to get this type of job done. They will break into company networks and exploit computer system access to buy cards, they will impersonate the CEO of a company and ask Human Resources to buy gift cards for bonuses, they will exploit trust in online data sites. Below we give three typical examples.
In the holiday season of 2020, Sophos’ Rapid Response Team came across a group of cybercriminals deploying an attack of this nature. Hackers gained access to a company’s network and accessed each end-user’s device to see if they could gain access to an already logged-in email (or e-commerce) account. They were able to purchase a number of gift cards in this way before the alarm was sounded and Sophos’ response team was called in.
Another example where gift cards are secured by hackers is Romance scammers, who like to arrange for gift card “payments”, luring their victims who have often been tricked into thinking they’ve found a friend or future spouse through a fake dating profile and sending them money; sometimes through gift cards.
Oftentimes, hackers will impersonate public figures for a company by emailing human resources pretending to be the CEO. In this scam, the hacker sends an innocuous “Hey, are you busy” email to human resources. If they get a response from HR back, then they engage with a request for Gift Cards. This type of scam was investigated by CyberHoot directly in a $25,000 gift card scam, literally hundreds of $100 gift cards.
Hackers know their only weapon is social engineering. Once you’re aware of this, you can watch for impersonation attacks, romance scams, and computer and network breach events. Never use gift cards as a payment option for non-personal matters. Following this advice will protect you from the various Gift Card scams out there.
There are other actions you should take to protect your business from other attacks and harm including:
Source: NakedSecurity – Sophos
Additional Reading: US DOJ Indicts Four Defendants Linked to Money Laundering
hackeridiot Feb 12, 2022 0 18
hackeridiot Nov 11, 2021 0 15
hackeridiot Feb 4, 2022 0 10
hackeridiot Apr 19, 2022 0 8
hackeridiot Jan 27, 2022 0 227
hackeridiot Nov 11, 2021 0 353
hackeridiot Oct 31, 2021 0 115
hackeridiot Aug 5, 2022 0 0
The Internal Revenue Service (IRS) has modified the crypto question asked on Form...
hackeridiot Aug 5, 2022 0 0
Top cryptocurrency exchange, LBank, gave its various communities across the world...
hackeridiot Aug 2, 2022 0 1
Passive-Recursive DNS daemon. Quickstart nameserver 127.0.0.1 | sudo tee /etc/resolv.conf...
hackeridiot Aug 5, 2022 0 0
Latest episode - listen now! (Or read if that's what you prefer.)
hackeridiot Nov 11, 2021 0 353
A pop-up now greets you on the vast majority of websites you visit. The “cookie...
hackeridiot Aug 2, 2022 0 0
The above was archived from NASA’s site. The editor was Rob Garner. It is archived...
hackeridiot Aug 5, 2022 0 4
Background Before the modern era, cryptography was concerned solely with message...
hackeridiot Mar 23, 2022 0 36
The darknet markets are subject to availability and one of the many factors that...
hackeridiot Mar 24, 2022 0 3
A member of a “global darkweb organized crime group” has been sentenced to nine...
Donate to us on BuyMeACoffee also we have built an app for this site with the real-time post receiving and notification to go and download it.