Beware of Spear Phishing and Gift Card Scams

Trying to manage holiday schedules, end-of-year deadlines and festive gatherings can have you running pretty thin this time of year. Unfortunately, cybercriminals take advantage of these distractions and utilize this time of year to go spear phishing with your employees.

Barracuda Networks, a leading email security solution, recently published a report stating holiday gift card scams have increased since October. And, we’ve seen the same increase with our own customers as well.

protect agains spear phishingWhat is spear phishing?

Spear phishing differs from regular phishing because the attack is personalized to an individual. It’s a type of cyber fraud that impersonates someone’s email within the company. Usually, the email the cybercriminal chooses to impersonate is someone in a position of high authority. The imposter emails someone with less authority and asks them to do any of the following: wire money, buy gift certificates, change a direct deposit, request W-2s or more.

Gift card scams: A holiday favorite

For the holidays, cybercriminals targeted gift cards, as many people will fall victim to a request from a superior to buy bulk gift cards during the holiday season. Here’s a real-life example of this gift card spear phishing that happened to one of our clients: An executive assistant received an urgent email from the CEO. The email explained the executive assistant needed to buy a large amount of iTunes gift cards immediately and mail it to a certain location. It also requested she kept the gift cards a secret as they were holiday gifts for clients and employees.

In this case, the executive assistant had a close enough relationship with the CEO that she felt comfortable to ask about the peculiar request. However, in many scenarios, company employees go ahead and fulfill the request. After all, it’s their boss asking them!

This example displays many of the traits that these hackers are using: The emails come with a sense of urgency, secrecy and some sort of relevant details that make it seem more legitimate. Executive assistants, office managers and receptionists are preyed upon more often as these roles are typically in charge of purchasing items such as gift cards during the busy holiday season.

Watch for suspicious emails from mobile devices

The Barracuda Networks Spotlight Report also pointed out many of the emails look like they’re coming from a mobile device. “This conveys a sense of urgency and implies that the impersonated employee is out of the office, so there is no way to contact them in person to verify the request,” according to Asaf Cidon, VP of Content Security at Barracuda Networks.


How Do You Protect Yourself?

We recommend using Barracuda Networks, which uses artificial intelligence automation to look for anomalies within the company’s email. Barracuda works with many popular emails systems, including Office 365.

Protect against spear phishing

Use these tips to avoid falling for cyber spear phishing this holiday season. Be sure to pass along this info to any employee who would oversee making holiday purchases, as they could be a target. It’s getting harder and harder to avoid the Grinches that try to cyber-steal holiday joy, but being alert and aware will help minimize you and your company’s risk.

This article was originally published in the Tulsa World