When someone gives you a gift and you start checking if it is safe, it seems like a sign of ingratitude. "They give you a donkey and you look at it in the teeth?" says tradition. And yet, in the case of the gift card, the best thing to do is really look at the "donkey in the teeth".
Christmas is approaching and we are all searching the internet for gifts. Gift cards are an increasingly popular choice, which means that you can easily buy them as a gift or accept a gift card as a gift for the Christmas holidays.
In fact, gift cards have become a huge market in the world and are projected to grow rapidly in the coming years, reaching an impressive $ 2 trillion by 2027.
Needless to say, the popularity of the gift card has not escaped the attention of cybercriminals, who have developed an entire underground industry around them.
Some scams use the cards themselves as a lure to trick you into revealing sensitive personal and financial information.
Whatever the scam, get acquainted (gain, obtain) with present-day techniques that came from Phil Muncaster, a security columnist for global cybersecurity firm ESET.
Why are gift cards so popular with fraudsters?
Gift cards are popular with cybercriminals for the same reason they are popular with consumers: they are an amount of money that is readily available and can be used to buy a huge range of goods and services.
Specifically:
• Consumers can easily obtain them, either online or in a store
• Most retail stores and big brands now offer some form of gift card.
• Just like cash, as soon as the rest of the card is used up, the gift card ceases to exist.
• The fraudster does not need to provide bank account details for payment - they only need the gift card code / PIN.
These elements have turned gift cards into a hot commodity for cybercriminals. Recently, a cybercriminal tried to sell 900.000 such cards worth about US $ 38 million on the dark Internet. The gift cards were stolen from Cardpool online discount store and involved thousands of brands - including Airbnb, Amazon, American Airlines, Chipotle, Dunkin Donuts, Marriott, Nike, Subway, Target and Walmart.
Attack tactics to watch out for
As mentioned, cybercriminals use a number of tactics.
Here are five of the most common threats to look out for:
Table of Contents
A "representative from a reputable body" requires payment
In this case your scammer is introduced as a civil servant, or an employee of a utility company or other organization. It usually threatens the victim, perhaps claiming that there are debts to the tax office or outstanding bill payments, and stresses the urgency of the payment. This is a classic case of social engineering, that is, manipulating the victim in a way that forces him to make a quick decision.
Fraud can be done in the form of phishing email, text message or even phone call (known as "vishing"). Payment is required to be made by gift card, with the fraudster usually specifying the type of card he wants to use for payment. All of these should be red flags. According to the FTC, no business or government will require a gift card payment.
Bots steal your balance
Sometimes scammers go straight to the source and digitally search for a file on your gift card.
How do they do that?
Using automated bots to investigate the IT banking systems of retailers and other organizations for details on card balances and card numbers. With this information they can use the card as if it belonged to them. This is a mature sector for exploitation, as according to research, only Americans have unused gift cards and credits of 15 billion dollars.
Forgery of cards inside the store
Scammers do not just work on the internet. Another popular trick is to visit gift shop shops and steal the numbers / secret PINs. Depending on the card, they may wait for the victim to connect to the internet to register and upload money to the card before using it.
You won an award!
Another category of scam uses the prize's lure to trick the user into paying with a gift card. The scammer contacts the victim to let him know that he has won a big prize, but he has to pay a small amount to claim his prize. It could be anything from a car to a vacation - and of course there is no prize.
Fishing to steal your data
Gift cards can be used to trick users into handing over their personal information. This is like a classic phishing attack, where the recipient is approached via email, text message or social media offering a gift card. To claim the prize he will have to fill in some personal and possibly financial information, which the scammer will then sell on the dark web or use himself for identity theft.
How to protect yourself from gift card fraud
Informing users is a big part of the fight against gift card fraud. Experts from the global cyber security company ESET give the following basic tips to stay safe on the internet:
• Only buy gift cards that have a PIN.
• Buy gift cards only from retailers who keep gift cards in locked cases and do not display them in-store.
• Remember that no business or government agency will ask to be paid with a gift card.
• Never give out personal and financial information after contacting a stranger online.
• If you are going to buy gift cards online, buy them directly from the seller and not from discount stores.
• Be cautious - if an offer seems too good to be true, it usually is not.
• Use gift cards as fast as you can.
• Check the balance of the gift card as soon as you receive it.
Remember that scammers are constantly coming up with new ways to exploit stolen data. Therefore, the above is by no means a complete list. But it should be a good starting point.