Picture of a laptop and a hand holding a credit card

The Federal Trade Commission (FTC) warns about increase in Gift Card Scams.

According to the FTC gift cards are the #1 payment method for impostor scams. In the gift card scam, the scammer plays into your emotions by impersonating someone else and urgently asking or sometimes demanding you to buy gift cards.

According to the FTC, the scammer,

“might pose as IRS officials and say you’re in trouble for not paying taxes; or a family member with an emergency; or a public utility company threatening to shut off your water; or even a servicemember selling something before deployment. Or they might call with great news – you’ve won a contest or a prize! But to get it, you need to pay fees with a gift card.”

Some gift card scammers have evolved beyond emails and phone calls and create spoofed email addresses that look like the sender of the message is someone you know. Instead, the email scam could look like it’s coming from your boss, CEO of the company, or president of the University.

The FTC says that the general rule of thumb is, “if anyone tells you to pay by gift card, or by wiring money, – for any reason – that’s a sure sign of scam. “

Read Federal Trade Commission’s Article about the gift card scam.

Simulated Phish :

On Wednesday 25th, the Offices of Information Security and Human Resources will send a simulated Phish email to all Faculty and Staff.

The purpose of the simulated phish emails is to raise awareness and explain how these scams work.

People replying to this email will automatically get another email linking to this blog post and an excerpt from it.

 

Picture of a simulated phish. The text reads "Subject: Urgent. BodyLAre you available? I need gift cards for a select group of clients and have to send them out in less than an hour. I would provide you with the type of gift cards and amount of each. Sent from my iPad NOTE: This email originated from outside Chapman's network. Do not click links or open attachments unless you recognize the sender and know content is safe."

 

Why would this scam work?

The scammers have a convincing story and they impersonate someone important in your life (family member, an executive in your company, the IRS)

 

Why wouldn’t this scam work? (Red Flags)

  • We don’t have a CEO.  And even if we had one, why would he contact me out of the blue and ask for my help?
  • The request is unlikely “gift cards for clients” in subsequent emails the scammer would ask for a picture of the redemption code – akin to gifting a box with torn wrapping – opened.
  • The sender’s email address is “CEO@spoofed.gmail.com”.
    -Also, hitting the “Reply” button in Outlook, the email address expands to “CEO <ceo.9kkljwd@chapman.gmail.net-login.com>”. This is not a “@chapman.edu” email address.
    – The scammers are relying on the display name to trick people into thinking they are talking to the “CEO”
  • The yellow banner that reads: “NOTE: This email originated from outside Chapman’s network. Do not click links or open attachments unless you recognize the sender and know content is safe.”
    – This is a preventive measure implemented by the department of Information Systems and Technology to help identify emails that originate outside the chapman.edu domain.

 

The logic behind the scam:

  • Most people will do their best to help someone in need. The scammers impersonate someone important in your life or institution.
  • They have a convincing story and the only solution is you sending them pictures of gift cards with the redemption code exposed.
  • If the victim takes the bait and emails the pictures of the gift cards, the scammers redeem the codes immediately or exchange them for cash or other gift cards.
  • The Gift card funds cannot be traced. At that point, the funds are gone with no way of getting them back.

If you have any questions or you received a fraudulent email request, please email abuse@chapman.edu.

This scam is also featured on Chapman University’s “Trending Scams” page.