Overtaking wire transfers and payroll diversion, gift cards have taken a material lead as one of the easiest and least recoverable ways to cash out of a fraud scam.
The CEO gift card scam has been around for a while. It’s a malware-free, purely socially-engineered scam that takes little more than a reasonable email address and some attitude to pull off.
But in security vendor Agari’s Q3 2019 Email Fraud and Identity Deception Trends report, it’s been noted that nearly two-thirds of business email compromise (BEC) scams are using gift cards as the medium to defraud a victim. Think about it: it’s easy to pull off, requires only impersonating a single individual (the CEO), and is nearly untraceable – as the take is the gift card, but the victim is left with a separate credit card bill.
The downside for scammers is that the payoff is far less than what’s possible with wire fraud, but because of the little work that needs to be done as part of the scam, it’s become the most used method of email-based fraud.
Anyone in the organization can become a victim – from those in the C-suite all the way down to the brand-new intern that wants to make a good impression with the CEO. That’s why organizations need to employ Security Awareness Training to educate users on scams like these and the need to pick up the phone to verify the gift card request.
Trends like these tend to swell for a time, as scammers catch wind of what’s working right now – and change their tactics to secure the maximum take. Putting protective measures in place that elevate the users mindfulness to attacks, scams, and anything downright suspicious is likely one of the most impactful ways to stop scams like this from succeeding.
** Optrics Inc. is an Authorized KnowBe4 partner
Find out how affordable new-school security awareness training is for your organization. Get a quote now.
The original article can be found here: