Gift card scams are attractive to cyber criminals for the same reasons gift cards are attractive to us, they’re relatively straightforward and simple! With Black Friday, Cyber Monday and Christmas just around the corner we wanted to highlight some of the ways cyber criminals are using gift cards in their scams and some top tips for protecting yourself against them.
It is important for us to consider the impact of COVID-19 on our spending habits, with a 50% increase in digital gift card sales since lockdown, gift cards are providing greater opportunities for cyber criminals to exploit. It is also important that we take into consideration the hardship many businesses have faced over the last few months, with many retailers promoting gift cards as a gifting option. We know that cyber criminals follow the numbers, the more we use a platform or technology the more they’ll exploit it, and gift cards are no different. Since March 2020, some gift card scams are reported to have increased by 820%.
We have seen cyber criminals using gift cards in an all manner of social engineering attacks and automated attacks. Let’s look at how these attacks work, some case studies from 2020 and some top tips for protecting yourself against them.
Gift card social engineering and data harvesting
We’ve seen a rise in gift card scams on social media over the last year. Social media enables cyber criminals to engage with a wider audience without having to be connected or have their email addresses. An interesting example of this is the Asda gift card scam seen on Facebook earlier this year.
Below you can see that the cyber criminals used official Asda branding to create their Facebook business page, they then used Facebooks Ads to turn the post into a sponsored post, which helps to seemingly legitimise the post. They have then used social engineering tricks such as placing a sense of scarcity on the number of gift cards available and incorporating emojis to help the post look more engaging.
This gift card scam was actually harvesting individuals’ data, and a lot of it. In order to claim the supposed gift card, you were asked to input your home address, mobile number, bank account details, sort code and 3-digit security number!
Gift card fraud In some cases of this social engineering attack, the criminals compromise accounts and in others they spoof email addresses, both with the aim of impersonating their target’s boss or friends. They then email the target asking them for help, and once the target has responded they ask them to purchase a gift card with the promise they’ll pay them back. Birmingham University’s staff and students were subjected to this type of scam earlier this year.
Gift card brute force This is an automated attack that involves criminals “guessing” the combinations of digits and letters used on gift cards. It can, unfortunately, be relatively straightforward in some cases, when the gift card codes follow a pattern. Once they have cracked a gift card, if funds are available the cyber criminals will purchase items or transfer funds to other cards.
Account takeover gift card attacks During this attack cyber criminals use compromised usernames and passwords to gain access to an individual’s online accounts. The cyber criminals then exchange loyalty reward points into gift cards for themselves which they then exchange into money using a gift card exchange service. Read more about loyalty card fraud here.
Top tips for protecting yourself against these four gift card attacks:
✅ If you see a social media post, email, SMS message that suggests you could receive or have received a gift card avoid clicking on any links and be aware this could be social engineering. Instead, go directly to the source (for example, the retailer’s website). ✅ Never input personal details in a gift card post you have seen on social media or email, instead go directly to the legitimate source to verify if they have sent a gift card or are advertising a gift card. ✅ If you receive a communication that you’re not expecting (whether by WhatsApp, email, phone call, SMS message or any other way) that is asking you to do something and makes you feel emotional (rushed, happy, panicked, embarrassed or anything else), be aware this could be social engineering. ✅ Ensure you have a good, strong password for your accounts. The UK National Cyber Security Centre (NCSC), recommend that you start with three well-chosen random words. For example: fogautumngoat. Be sure to then include numbers, capital letters & symbols: F0g@utuMnG0@t. ✅ Consider using a password manager to help generate and store all your passwords. Some that are commonly recommended are 1Password, Dashlane and KeePass. ✅ Ensure you have two-factor authentication on all accounts where it is available. Read our guidance on account security here. ✅ Share this advice with your family and friends. This time of year we always see a spike in gift card scams and 2020 has been challenging enough, let’s protected and empower our loved ones to recognise the red flags of a gift card scam.
I appreciate Henry for making me realise the truth to a certified hacker who knows a lot about what he is doing. I strongly recommend you hire him because he’s the best out there and always delivers. I have referred over 10 people to him and all had positive results. He can help you hack into any devices, social networks including – Facebook, Hangout, iMessages, Twitter accounts, Snap chat , Instagram, Whatsapp, wechat, text messages ,smartphone cloning,tracking emails and also any other social media messenger or sites. It’s advisable to hire a professional hacker.Thank me later. Contact him here., Henryclarkethicalhacker@gmail.com and you can text, call and Whatsapp him on +1(201)4305865, or +1(219)7960574.....
Contact him for any type of hacking, he is a professional hacker that specializes in exposing cheating spouses, and every other hacking related issues. he is a cyber guru, he helps catch cheating spouses by hacking their communications like call, Facebook, text, emails, Skype, whats-app and many more. I have used this service before and he did a very good job, he gave me every proof I needed to know that my fiancee was cheating. You can contact him on his email to help you catch your cheating spouse, or for any other hacking related problems, like hacking websites, bank statement, grades and many more. he will definitely help you, he has helped a lot of people, contact him on,…
I’m excited to write about Henry Hacker, he is a great and brilliant hacker who penetrated my spouse’s phone without a physical installation app. And I was able to access my spouse’s phone, SMS, Whatsapp, Instagram, Facebook, Wechat, Snapchat, Call Logs, Kik, Twitter and all social media. The most amazing thing there is that he restores all phone deleted text messages. And I also have access to everything including the phone gallery without touching the phone.I can see the whole secret of my spouse. Contact him for any hacking service. He is also a genius in repairing Credit Score, increasing school grade, Clear Criminal Record etc. His service is fast. Contact:, Henryclarkethicalhacker@gmail.com and you can text, call him on whatsapp…