With the advancement of internet technologies, scammers are always in a quest of finding new methods to exploit users and gain money or data from them. While this being a general thought, Agari, an email security firm reported that simple social engineering technique as gift card fraud is gaining traction in recent days, with scammers gaining hundreds to thousands and even millions of dollars in one go!
The Simple Social Engineering Technique
Business email comprises (BEC) attacks are one of the well-paying methods for attackers. FBI reports that businesses are losing over $700 million a month falling for phishing attacks, BEC attacks and simple gift card scams. This percentage of victimization is on the rise.
Agari, an email security firm reported that businesses witnessed a gradual rise in gift card scams in 2019 ending quarter. The percentage rise of 6% from 56% to 62%, out of all the BEC attacks. Here, an attacker firstly compromises any of the top executive’s email and messages his subordinates to wire transfer or buy a gift card for some cause. And the request being from the boss, most would eventually comply and do so, losing the money.
The general reasons quoted for wire transferring the money could be anything, from fake invoices to business deals or new contracts, which the subordinate belief in. And for gift card scam, it would be carefully crafted and released accordingly to seem attractive. The last holiday season has yielded much for the adversaries, making them super-rich.
From $250 to $10,000
The gift card scams are simple and are more of social engineering techniques rather than technical hijackings. Reports say the minimum amount of these scams start from as low as $250 to more than $10,000 for each gift code. The average amount was said to be $1,627 and these would be targeted across multiple departments of the same organization!
The common gift card choices are of
Google Play, eBay, Amazon, Steam, Apple Store, Target, iTunes, Best Buy and Walmart. The method is a popular choice amongst attackers for being less riskier (due to low amounts) and successful. Further, these give the attacker a quick way to cash out.