Skip to content

Protecting Yourself from Gift Card Scams

Gift cards are popular for every occasion, but if you are giving them or getting them, you could get caught in a gift card scam. There are more variations of a gift card scam out there than you might think, and they include both digital and physical cards.

gift card scamHere are two common gift card scams to protect against:

The “Assistant Gift Card Scam”

Small businesses are victims of the Assistant Gift Card Scam. We see this a lot in the financial services industry, but it can happen in any organization that employs an assistant to manage administrative tasks.

This is a low-effort scam that frequently gets mistaken for a phishing attack. Using publicly available information, a scammer reaches out to an assistant and asks them to buy some gift cards for a client. The scammer requests photos of the gift cards with the activation codes scratched off, or simply asks for the numbers on the cards.

People mistake this for a phishing scam because it seems that the request is legitimate. The scammer will claim to be a CEO or other senior-level employee. The scammer will know the assistant’s name and may use a conversational tone in texts or emails.

But as we mentioned, this is a low-effort scam. The scammer is not using any actual employee accounts or phone numbers, they’re just repeating information found on a public website. Once they have the codes from the gift cards, they redeem them immediately and the money is gone.

There are two simple ways to avoid this gift card scam. First, review any request for a gift card with the person who made the request. In other words, call your boss to make sure the request is legitimate. Second, don’t publish personally identifying information on your company website. There is no reason for the general public to know the names of your administrative assistants or service reps. Small businesses will often post these names, and sometimes emails and phone numbers, to make their company look friendly, or to make the staff appear bigger than it actually is. Doing this invites scammers to try their luck with you.

Using a Gift Card to Transform it to Cash

If you get a $200 gift card to a store, and then it’s stolen, it’s like you have lost money. It’s essentially the same as if someone stole $200 from your pocket. You might be wondering how a scammer can turn a gift card into cash. Here’s how it works:

  • The thief takes a gift card out of your gym locker.
  • Instead of using it it at the store, he puts an ad online offering it at a $50 discount, saying he’s in a rough spot and needs cash.
  • Someone takes him up on the offer and sends him $150 via Venmo.
  • The thief then goes and uses the gift card at the store. He takes the item he bought and sells it on eBay….and never ships the card to the person who bought it.
  • So now, he has the $150 plus the cash he got from selling the item he bought.

Infiltrating Gift Card Accounts Online

Another way that a thief can scam people with gift cards is by taking advantage of software. They use a botnet, a network of computers designed to hack, to gain access to an online gift card account. The botnet will try thousands of possible passwords to get into your account, in what is known as a “brute force attack.” This is a remote, low-effort attack, but if the hacker can gain access to your account, they will drain it.

There are a couple of things you can do to protect against gift card account hackers:

  • Whenever possible, create a custom username. This is a good practice for any account that can access your money, payment services or gift cards. Your email and phone number are almost inevitably for sale on the Dark Web. Hackers use that personal information, and the fact that most people set up user accounts with their email as a user ID, to target their hacking. Create a crazy username that nobody but you would guess, and you dramatically reduce your risk of becoming a victim.
  • Choose a strong password that is at least 12 characters with at least one uppercase letter and one symbol or number. The more numbers, symbols and uppercase letters the better, but what really makes a difference is password length. Longer passwords are nearly impossible to crack with brute force attacks, because it would take the botnet a decade or more to figure them out. Hackers will give up and go for people with simple, short passwords.
  • Always use two-factor authentication that requires a code to go to your smart phone. If someone manages to crack your password, you’ll know, and you’ll be able to block the hack.

Additional Ways to Protect Now from Gift Card Scams

  • Buy a gift card straight from the source, not from a random Facebook ad.
  • Change the security code of the card if you can.
  • If you have access to an online account, change your password and username.
  • As soon as you suspect something fraudulent is going on, report it.
  • Spend the money on the card as quickly as possible.

Written by Robert Siciliano, CEO of Credit Parent, Head of Training & Security Awareness Expert at Protect Now, #1 Best Selling Amazon author, Media Personality & Architect of CSI Protection Certification.

CALL US: (800) 658-8311