Opinion

When Your Boss Asks For a Gift Card...

2023-03-23
5 minute read
ss image
Jeff Sager
Author
blog post banner

As telecommunication fraud continues to grow exponentially with reported losses in 2022 of $530 million in Canada[1] and nearly $40 billion in the United States[2], it's never been more important to stay informed and vigilant. There are a multitude of scams that have contributed to these numbers, and among them is one that has cost North American companies billions of dollars already. This is known as the gift card scam.

What is the Gift Card Scam?

Also known as "fake boss scams", the gift card scam refers to scammers who impersonate supervisors of employees and trick them into buying gift cards for them over text or email. The reasons they supposedly need their employee to buy them a gift card may vary, but the result is always the same: financial losses to the employee that cannot be retrieved. It's also worth noting that because so many employees work remotely these days, there is more and more opportunity for this scam to be successful.

How Does it Work?

STEP 1: The scammer searches the internet for names and emails of a company's high-ranking supervisors, as well as job titles, telephone numbers, and other important information about the company.

STEP 2: The scammer either hacks into the supervisor's business account or creates a similar email domain that will likely go unnoticed. For example, "joesmith@microsoft.com" might become "joesmith@micr0soft.com".

Alternatively, they sometimes create fake email accounts through Gmail, Hotmail, or other services, and make up some kind of excuse for needing to use their "personal email". In some cases, they may even spoof a phone number from your area code and send a text message instead.

STEP 3: Either by email or text, the scammer successfully makes contact with a lower level employee, asking them to buy gift cards and send the gift card numbers or PINs back via email or text.

Common Examples for Needing a Gift Card

  • Pay for an upcoming office party
  • Support a charity
  • Ask an employee to pay a bill and promise to pay them back
  • Needing urgent assistance with something they don't have the time to explain

Scammers can be very convincing and will have often done their research through various "phishing" tactics. The best ones will know details about your company and even the way your boss might communicate via text. Keep this in mind if you find yourself in a situation like this and make sure to verify your "boss"'s identity before pulling any triggers.

Why Gift Cards?

Gift cards are the perfect currency for scammers because they are untraceable. Once a purchase with a gift card has been made... POOF! It's gone and has no money trail. Gift cards also do not provide the same protection that credit cards and debit cards do, so they really are the perfect crime.

Tips to Protect Yourself Against Gift Card Scams

  1. If someone texts you pretending to be your boss, use Whois by SIPSTACK to check the unknown number. This will allow you to see what rating this number has and whether or not it is safe before you decide to respond.
  2. If you find out the number does belong to a scammer, rate and review it in the Whois portal, so members of your community can protect themselves as well.
  3. Create an account and verify your number with Whois. This will put you on the "Do Not Call List" from verified spam numbers and other unwanted telemarketers.
  4. If you do receive emails or texts from someone saying they're your boss from an unusual number or email, pause and verify. Remember that scammers like to prey on your emotions by creating a false sense of urgency.
  5. Never reply directly to the text or email before first confirming with your boss through their trusted email or phone number. If it's an authentic request from your actual boss, they will understand and appreciate you wanting to do so.
  6. Work with your company's IT department to spoof-proof your company email by setting up security and spam filters. You can also set up an "external email warning" that will provide a warning message to the top of any emails that are sent from someone outside of your organization.

How SIPSTACK Fights Fraud

Using the latest technology and machine learning, SIPSTACK's systems authenticate all activity in real time against variables that affect your security. When a carrier implements SIPSTACK's Smart CNAM, they are able to customize a threshold for calls to pass through, based on their specific needs. Additionally, Whois by Sipstack is the biggest and best AI-powered reverse lookup database for individuals to help eradicate spam. At SIPSTACK, we take an active role in ensuring we are building a secure and connected tomorrow. Contact us today to learn how you can protect yourself from spam.

References


  1. https://www.antifraudcentre-centreantifraude.ca/index-eng.htm ↩︎

  2. https://www.cnbc.com/2022/11/05/how-phone-scammers-tricked-americans-out-of-tens-of-billions-of-dollars-in-2022.html#:~:text=Phone%20scams%20are%20on%20the,nearly%20%2440%20billion%20in%20total. contributing to these numbers, and among them is one t ↩︎