The Gift Card Scam: What UK Businesses Need to Know

Published
Gift Card

Executive Summary

  • The Gift Card Scam, sometimes known as the Voucher Scam, has seen a resurgence since the move to hybrid working models following the pandemic.

  • A form of social engineering phishing attack, when the gift card scam is executed via email, it can cause significant financial and emotional distress to the business and employees.

  • This scam relies on fooling unaware employees into essentially giving away company finances, but – with the right measures – it can be effectively avoided in your business.

Introduction

Did you know that private businesses in the UK suffer the equivalent of £140 billion worth of fraud every year?

It’s true – and it may be getting worse.

One of the most prevalent forms of fraud UK businesses are facing at the moment is known as the Gift Card Scam, or the Voucher Scam.

Designed to fool unsuspecting employees into emptying at least some of the company’s coffers into the pockets of unscrupulous scammers, this type of fraud has seen a spike in recent months – especially since the 2020 pandemic.

If you’re concerned about the Gift Card Scam taking a chunk of your hard-earned profits, don’t worry. Prevention is better than cure, and that all begins with learning – so let’s take a deep dive into the Gift Card Scam and try to better understand what it is, how it works, and how you can prevent it in your business.

What is the Gift Card Scam?

The Gift Card Scam is a form of social engineering which targets either individuals or businesses and uses psychological manipulation to coerce them into purchasing gift cards and sending the scammer the codes. These gift cards can be for digital services like Google and iTunes or retail gift cards to be used in the associated online store.

On the basis of that short description, you might initially wonder how this can be such a big problem – especially for businesses – but the ruthless scammers operating these schemes are manipulative in the extreme.

In order for their scam to “succeed”, the scammers need the employee in question to:

  • Believe the request for the gift card codes is a legitimate request from a senior staff member or boss.

  • Feel a sense of time pressure so that the employee has no time to second-guess what they are doing.

Through the use of these devious tactics, scammers have been able to extract countless millions of pounds from companies across the UK.

While the Gift Card Scam can be carried out over the phone, the more recent spate of this type of scam have been using email as an attack vector. Would-be scammers will either spoof an email address of a boss or other senior staff member, or simply use an external email address which is similar enough to fool a junior member of staff.

In this way, the scammers can quickly convince the staff member that they are above board, and coerce them into purchasing gift cards (often with their own money) which are then shared with the scammer to be sold or used for fraudulent purchases. 

How the Gift Card Scam targets UK businesses

Perhaps the best way to really understand how the Gift Card Scam works in practice, especially in a business context, is to see how it plays out in the real world.

With that in mind, we’ve put together a play-by-play account of exactly how a cyber-criminal would use this type of scam to manipulate an employee into coughing up the cash.

  1. First, a scammer will either hack, hijack, spoof, or create an email address which resembles that of a senior member of staff.
  2. They will then identify another member of staff to target with the scam. Sadly, they often pick the most junior members of any team, the new starters. Because new staff are often still learning the ropes, and eager to please, they are perhaps most susceptible to this form of manipulation.
  3. The scammer will email the staff member and tell them that they need them to run out to a local shop or digital store to order some gift cards. They usually dress it up with a false narrative about a client meeting and wanting them as presents for the clients – all complete bunkum, of course.
  4. Importantly, the scammer will tell the staff member that they can’t do this themselves because they’re busy, usually in a meeting. They’ll also usually say it must be done within the next 30 minutes to an hour.
  5. Not wishing to question or let down their boss or manager, the willing staff member will go out and purchase the gift cards, then take photos of the codes and email them to their “boss” – who will then disappear into the ether, taking the cards (and their value) with them.

It can sometimes be quite a while until these scams are discovered, with some employees even trying to claim expenses for the gift cards before discovering the truth.

Why is the Gift Card Scam more prevalent after 2020?

As we covered in a recent article exploring the impact of the global pandemic on business cyber security, there’s been a huge uptick in cybercrime and malware attacks in recent years.

We recommend checking out our article for the full rundown of the root causes, but the catalyst of the surge in cyberattacks is mainly the move to work-from-home. Millions of workers were suddenly flung head-first into using their home as their office, and that opened the door to various cyber security issues which – thankfully – are slowly being addressed.

This includes the Gift Card Scam, because the scammers are well aware that employees may be more likely to fall for their manipulation when isolated at home. This is especially true once the criminal applies that time pressure we mentioned above.

How to avoid falling prey to the Gift Card Scam

Now that you’re all caught up on how the Gift Card Scam works in practice, what can you do as a business to help your employees identify, react to, and avoid falling for it?

Well, as an IT support company, we’ve got some top tips to help you manage your risk from a technical standpoint and from a behavioural one too.

Use Security Hardening in your business email server to display a warning message for external emails

Assuming your company uses an internally configurable email server like Microsoft Exchange, you should immediately employ the built-in Security Hardening features to help users identify threats. One such tool is the ability to show a warning on any email which comes from an external source. This is useful because, even if an email address is spoofed as an executive internal employee, staff members will immediately be able to tell they’re dealing with a scammer – and act accordingly.

Update staff training to include common scams, including the Gift Card Scam

As we mentioned above, prevention is better than cure, so it’s important to update your training processes with details about common IT scams. In doing so, you’ll help your employees spot potential cyber security risks before they even happen – and you might just prevent a huge financial loss, too. We recommend training existing staff at least quarterly on the latest IT scams.

Ensure all new starters are particularly aware of their vulnerability to the scam

As a business owner or manager, the best thing you can do to prevent falling prey to the Gift Card Scam is to ensure new starters are also primed for this risk. Scammers will often use social media to identify new starters, so making sure the scam is explained during the onboarding phase will go a long way in preventing potential problems down the line.

It’s worth noting here that, if you do unfortunately fall victim to this type of scam, you should always report it to Action Fraud via their 24/7 cyber-crime reporting service.

Improve your cyber security with an IT support partner

We hope this deep dive into the detail of the Gift Card Scam will help you and your employees stay safe and avoid falling prey to this swindle.

We recommend sharing this article with your team internally as well as with other businesses to help raise the profile of the Gift Card Scam and, most importantly, what companies can do to avoid it.

If you’d like to learn more about how to keep your business safe in the face of rising cyber-attacks, our expert IT support team is always on-hand to help. When you partner up with us, we can provide everything from short-term IT troubleshooting to long-term IT strategy planning and cyber security hardening.

To learn more about our IT support packages, call our team today on 01865 594 000, or simply enter your details in the form below and we’ll call you.

Latest From The Blog

Viva Connections

What’s That App? A Beginner’s Guide to Microsoft Viva

In this edition of “What’s That App?”, we’re looking into the employee experience and engagement platform Microsoft Viva. Could it be the catalyst to your business thriving in the new remote working economy?
LinkedIn

The Great LinkedIn Data Scrape (And What It Means for UK Businesses)

In mid-2021, a group of hackers managed to access the data of 700 million LinkedIn users via a method called ‘scraping’. Here’s what UK businesses need to know about this potential cyber security risk.
Data Backup

IT Support Insider: Backup, Disaster Recovery, and Business Continuity

In this edition of our IT Support Insider series, we’re turning our attention to an area of computing which can be a genuine lifesaver: backup, disaster recovery, and business continuity