The Information Security team at Vail has received several reports of gift card scam emails coming to employees. Scammers target employees that have purchasing capabilities or access to company funds and attempt to trick them into either wiring money or buying gift cards. Threat actors like to use gift cards because they can quickly turn them into cash/goods, they can remain anonymous and this kind of transaction cannot always be reversed. The most common ask is for Google Play or iTunes gift cards. Here's an example:
Scammers are usually counting on just a few of their targets to respond to their emails; however the success rate and easy ability to monetize means that this continues to be a regularly utilized technique. In fact, “Gift card-related losses reported to the agency [FTC] totaled $20 million in 2015, $27 million in 2016, $40 million in 2017, and $53 million in the first nine months of 2018 alone”, according to Wired magazine.
What can you do to help?
- Be cautious of emails requesting gift cards and emails that have a sense of urgency.
- If you have any doubt when you read an email from an executive or manager, give that person a call or swing by their desk to check in.
- Look out for grammatical and spelling errors in emails.
- Look for small differences in the email address that it is coming from, e.g. instead of @vailresorts.com it is @vailresorts.co.
- This activity can also be attempted by a phone call, so be careful with phone calls on your work or personal devices.