It's the holiday season and people are busy, and it's also a season to beware of scams. There are many different scams related to gift cards, and here's a new one we just saw locally.
A user received an urgent message from their boss that he needed to get gift cards for important clients and there was a time crunch to get the task done. The diligent employee replied and immediately started working on the task. After a few email exchanges back and forth, the employee went to talk to the boss to clarify some final details, and the scam was revealed - the boss never asked for the gift cards. They were very close to losing $2000 to a crook.
The original email from the "boss" was actually a "spoofed" message. This is an email that's made to look like it's from a particular individual or organization (like a bank or the post office), but it's actually from someone else. It's illegal to use an SMTP server without authorization, but this doesn't stop a crook, and it's actually very easy to fake an email. The boss's email was never hacked; it was just a trick that used his email address. The underlying technical details like the return path, etc., will give away the secret, but on the surface the email appears to have a legitimate return address.
- Watch out for emails with a sense of urgency, quickly worded to look like they're from a mobile device (iPhone, iPad). The typos are deliberate, meant to make the email appear more familiar and rushed.
- NEVER email financial information. The email exchange started getting weird when the crook started asking for the authorization codes via email. This is a red flag.
- Don't get tricked if you see a familiar name in the "from" field. Scammers are getting good at harvesting emails from websites and social media. This is their full-time job. Make sure your employees are all aware of this trick.
- When in doubt, have a face-to-face or phone conversation to clarify the details.
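The header details mentioned above (the return path behind a familiar name in the "from" field) can be checked from a message's raw source. The following is an added example, not part of the original post; the sample message and all addresses are constructed, and it goes slightly beyond the text by also checking Reply-To and the receiving server's Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the email from the incident described above).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: "Pat Boss" <pat.boss@example.com>
Reply-To: "Pat Boss" <pat.boss.office@freemail.example.org>
To: employee@example.com
Subject: Urgent - need gift cards today

Are you at your desk? Sent from my iPhone
"""

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoof_indicators(raw_message):
    """List reasons the visible From address may not be the real sender."""
    msg = message_from_string(raw_message)
    from_dom = domain(msg["From"])
    findings = []
    # Return-Path is where bounces go; Reply-To is where the victim's answers go.
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    # Authentication-Results is stamped by the receiving mail server (RFC 8601).
    for result in msg.get_all("Authentication-Results", []):
        for part in result.lower().split(";"):
            for check in ("spf", "dkim", "dmarc"):
                if part.strip().startswith(check + "=fail"):
                    findings.append(f"{check.upper()} failed")
    return findings

if __name__ == "__main__":
    for finding in spoof_indicators(SAMPLE):
        print("WARNING:", finding)
```

A Return-Path mismatch on its own also occurs with legitimate mailing services, so treat the findings as a prompt for the face-to-face or phone check rather than as a verdict.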
Sadly, there are so many different variations of scams. The bad actors are constantly working on new ones to get through all the technical and human defenses.
User education is key! Think before you click!