Recognizing Gift Card Scams
What are gift card scams?
These email and text phishing scams rely on impersonation and social engineering tactics to engage with victims to ask them to purchase gift cards. The attackers leverage authority and urgency in their requests and frequently impersonate high-level executives, Deans, or Chairs of departments as part of the scam. After a few exchanges, the person asks you to purchase gift cards and send them the activation codes.
These attacks work because they are a simple, quick way to get money from their targeted victims, especially when the email impersonates someone in the organization.
What should I do?
If you get an email from a colleague asking if you "are available?" or asking for you to only "text them" before responding, reach out to the sender in a separate email or call them to check if they actually sent the request.
Don't reply to the email or use any contact information provided in the email - attackers often provide fake numbers or email addresses that they control.
If you discover the email is a phish, report it! Email the email or screenshot the text message to phishing@baypath.edu
Below are three examples of these types of attacks:
Example #1
Example #2
Example #3
From: xxx.baypathedu@gmail.com
Subject: URGENT REQUEST
To: xxxxx@baypath.edu
Are you available ?
No calls text only 707540XXXX
Best Regards
Sandra Doran
President
From: xxx
Subject: Quick question
To: xxxxx@baypath.edu
I'm in a meeting and need help getting some Amazon Gift Cards.
<Name Removed>
Bay Path University
From: (707) 415-XXXX
To: (413) 314-XXXX
Hello xxxx
What’s your availability at the moment?, I’m so tied up in an impromptu meeting right now, I would have preferred to call you but phone call is not allowed during the meeting and I need you to run an urgent task for me. Let me know if you can do this for me.
Best Regards,
Sandra J. Doran, J.D.
President