If your boss wanted to give out gift cards, how would they order those gift cards? Would they send you an email asking you to rush out and buy some, and then ask you to scratch off the backs and email the codes?
Probably not. Yet this exact scenario has become a prolific, and unusually successful, email phishing scam.
The scam goes like this:
- Employee receives a ‘plain text’ email. The email appears to come from their boss.
- In the email, the "boss" asks the employee to buy some gift cards.
- Next, the email asks the employee to scratch off the gift card backings to display the unique PIN codes and email those codes back to the boss.
- The scammer takes the code, cashes out the gift card in minutes, and vanishes.
This scam has made the rounds since mid-2018. That cybercriminals still use it means it still works. Several of our customers have reported receiving such emails—unfortunately some falling for them—within the last few months.
As scams go, this one's clever. How does it work so well?
- It uses a "display-name spoof" – putting a real person's name in the "From" field.
- Most employees want to please their boss—so when they’re given a mission, they get on it!
- The text of the email reads like the person actually wrote it. We can spot terrible grammar a mile away. Normal grammar however, that doesn't ring alarm bells.
- Sometimes the scam uses a time limit, e.g. "Can you do this before end of day?" This creates a sense of urgency, which compels action with little time to think.
Defeating the scam is simple. First, hit Reply to the email and check the return email address for the "request." Chances are it's not your boss' email address. Delete that email (do NOT send it).
Next, send a separate email to your boss asking if they sent the first message. Chances are they didn't.
That's all. One email and one check, and you avoid a scam that could cost thousands of dollars. Pat yourself on the back for practicing good Cyber Fu!
Want to schedule Employee Cybersecurity Training for your team? Check it out at PlanetMagpie.com/CyberFu.