Fraudsters know businesses are more likely to reward employees or thank customers during this time of year. ‘Tis the season for presents, incentives and end-of-year bonuses. This is a time where we also see an increase in business email compromise scams.
The scam starts with a spoofed email or text from a person like a CEO, CFO, or other position of authority. The fraudster makes contact with an employee, telling them to purchase gift cards for the executive to give away or to use to purchase items – say, for the company Christmas party.
The employee is told to send the gift card information, including the number and PIN, back to the “boss” – who is really the fraudster, who then quickly cashes them out before you know there is a problem.
In cases such as this, the customer is liable for these purchases because they are authorizing the purchases on their credit card. In fact, in one scenario we were informed of, the credit card fraud department called the cardholder because of the suspicious transactions, but the cardholder confirmed that the transactions were legitimate.
There are ways to prevent these types of scams:
- Keep an eye out for email addresses that look similar to, but not exactly the same as the ones used by your work supervisors or peers.
- Be wary of unusual requests to buy multiple gift cards.
- Watch out for grammatical errors or odd phrasing.
- Notice language that tries to create a sense of urgency to purchase the cards quickly.
- Be especially wary if the sender asks you to send the gift card number and PIN back. (Often, the fraudster requests a photo of the gift cards).
In any case, requests for gift card purchases or wire transfers should be highly scrutinized. Make sure your business has a validation system in place to confirm requests to purchase gift cards or conduct a transfer of funds. Most importantly, the cardholder should verify with the purported originator that the request is indeed legitimate.