It’s the holiday season, and shoppers are flocking to stores to find the perfect gift for anyone: the gift card. However, these handy little plastic rectangles may not be so perfect after all. This year, they’ve been a key component to a business email compromise scam that has been popular in the past few months.
Why Gift Cards, And Why Businesses
Let’s look at the situation for a moment. You spend most of your time around your team. You’ve more than likely developed some kind of familiarity with them, or at the very least have been roped into an office gift exchange. If you aren’t familiar with all of your coworkers or employees, you may have a rough time selecting the right gift for them.
In light of this, it starts to make sense to gift them something that they can pick out for themselves, as gift cards enable you to do. This probably explains why gift cards are such a popular option for so many.
Unfortunately, this also practically hands scammers the opportunity to make a lot of money.
The Scam in Action
Using spoofed emails and social engineering tactics to their advantage, a hacker can scam a company’s users by posing as an authority figure, like the president or the CEO. Under this guise, the scammer can instruct the user to purchase gift cards for the staff and to pass along the redemption codes to the scammer.
Since these instructions “come from above,” the employee complies, not realizing that they are sending company funds to a cybercriminal in an effectively untraceable form of currency.
How to Avoid This Scam
Awareness is key to protecting your business’ interests, resources, and funds–and this awareness needs to be on all levels of your organization. Each and every member needs to be educated on how to spot these scams, and how to confirm them.
This confirmation is another crucial component to your business security. If your employees don’t develop the habit of confirming requests like this through a secondary line of communication, the company is left vulnerable to this scam and similar ones. Sure, fielding confirmation requests from your employees may get old, and fast, but it will almost certainly be preferable when compared to being scammed.
When all is said and done, scammers are going to keep trying to take advantage of you, your employees, and your business at large. Palindrome Consulting can help to protect you. Give us a call at 305-944-7300 today.