FBI Portland
Beth Anne Steele
(503) 460-8099
December 4, 2018

Oregon FBI Tech Tuesday: Building a Digital Defense Against Business Email Compromise Involving Gift Card Fraud

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: Building a digital defense against Business Email Compromise, this time combined with gift card fraud.

Scammers know businesses are more likely to reward employees or thank customers during this time of year. ‘Tis the season, after all, for presents, incentives, and end-of-year bonuses. That combined with an upward spike in business email compromise scams make companies particularly vulnerable to this kind of fraud.

Over the past year and a half—and especially in the last few months—the FBI’s Internet Crime Complaint Center, IC3.gov, has seen a huge increase in the number of businesses that are getting hit with this kind of fraud. From January 2017 to this fall, the adjusted loss topped $1 million.

The scam starts with a spoofed email or text from a person of authority, such as a CEO or HR director, telling an employee to purchase gift cards for the executive to give away or to use to purchase items, say, for a Christmas party. The employee is told to send the gift card information, including the number and PIN, back to the “boss”—really the fraudster—who then can cash out the value before you know there is a problem.

There are ways to prevent these types of scams:

  • Keep an eye out for email addresses that look similar to, but not exactly the same as the ones used by your work supervisors or peers.
  • Be wary of requests to buy multiple gift cards, even if the request seems ordinary.
  • Watch out for grammatical errors or odd phrasing.
  • Notice language that tries to pressure you to purchase the cards quickly.
  • Finally, be wary if the sender asks you to send the gift card number and PIN back to him.

In any case, requests for gift card purchases or wire transfers should be highly scrutinized. Make sure your business uses two-factor authentication protocols or at least follow up a phone call to confirm any transfer of funds.

IC3 says that while this kind of fraud can happen to any company, there are a variety of sectors most at risk. They include the real estate, legal, medical, and distribution and supply parts of our economy as well as religious organizations.

If you have been victimized by this or any cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.