What are gift card scams?
These email phishing scams rely on impersonation and social engineering tactics to engage with victims to ask them to purchase gift cards. The attackers leverage authority and urgency in their requests and will frequently impersonate high-level executives, Deans, or Chairs of departments as part of the scam. After a few exchanges the person asks you to purchase gift cards and send them the activation codes.
These attacks work because they are a simple, quick way to get money from their targeted victims, especially when the email is impersonating someone in the organization.
What should I do?
- If you get an email from a colleague asking if you "are available?" or asking for you to only "text them", before responding, reach out to the sender in a separate email or call them to check if they actually sent the request.
- Don't reply to the email or use any contact information provided in the email - attackers often provide fake numbers or email addresses that they control.
- If you discover the email is a phish, report it! http://security.berkeley.edu/phishing/report