Provided by KnowBe4
At the end of the year, nearly every company is thinking about holiday bonuses, corporate gifts, and holiday greeting cards for customers. So it's not unusual to think that the head of an organization might want to give out some gift cards to select employees at this time of year.
This all-too-common scenario is being taken advantage of by cyber criminals, according to security company Barracuda. Using simple impersonation tactics, the bad guys pose as the CEO asking an office manager, executive assistant, or receptionist to discreetly purchase some gift cards that will be used as gifts to employees.
Using well-researched personnel details, these cyber criminals are able to identify an appropriate individual to target, send them an email from the CEO's supposed personal account, implying a sense of urgency to move the victim to act. The "CEO" ends up with hundreds of dollars on cards that are virtually untraceable.
According to security vendor, Agari, gift cards have overtaken wire transfers and payroll diversion as one of the easiest and least recoverable ways to cash out of a fraud scam. Nearly two-thirds of business email compromise scams (also known as CEO fraud) are now using gift cards as the medium to defraud victims. The best defense against such scams is educating your employees to know what to look for in fraudulent emails and also to verify requests such as this by phone before purchasing anything.