Blog Article

Gift Card Scams & Stolen Emails

Gift Card Scams & Stolen Emails - Holidays and long weekends are a popular time for email scammers to strike. Read these tips to stay safe!
Andrew Meyercord

By Andrew Meyercord, IT Systems Engineer
Published On 07/16/2019

Holidays and long weekends are a popular time for email scammers to strike. Recipients of scam messages are more likely to believe urgent pleas for money or assistance from an acquaintance on vacation who says they are unreachable by phone. Meanwhile, victims are less likely to check their email on their day off to discover strange replies that might tip them off that their account has been hacked and used to send scams to their contacts.

That might help explain why this morning after Independence Day weekend, I have already heard from several people who received an email from a known contact who claims to be travelling and in urgent need of a birthday gift for a relative (warning bells!)

In this scam, the contact asks the recipient as a favor to purchase a several hundred dollars in gift cards and email them to the relative with the promise of repayment as soon as they return from their trip. Of course, many people can identify this as a scam and know that they should not purchase the gift cards (which are commonly requested by scammers in lieu of wire transfers), but a more serious concern is that the sender’s email account has very likely been compromised and used to send this scam to dozens of their personal and business contacts without their knowledge.

Is there anything you can do?

If you ever receive one of these messages from a friend or colleague, you may wish to notify them via telephone (not by email – you’ll see why in a bit) that their email password may have been stolen and their email account compromised. They should immediately change their password, and if they have reused the same password on other online systems, they should change it there as well, preferably using a unique password on every system.

Why not just reply to the email?

In many cases the attackers perpetuating these scams will also create email filter rules to automatically delete or redirect inbound emails to an external mailbox that they control. This prevents the real account owner from being alerted to the compromise and allows the attacker to monitor the email remotely for signs that they’ve been discovered. So after changing the email password, users should also check their email filtering rules for any suspicious rules that were created without their knowledge. Filter rules are a feature that most users don’t access frequently, so these links may help finding the setting for several common email providers:

How can users protect their accounts?

Everyone can follow a few basic precautions that will help avoid a compromised online account:

1. Use a password manager to generate and securely store random, unique passwords for each and every site so that one stolen password does not jeopardize multiple accounts.

2. Enable two-step verification (also known as two-factor authentication) on all accounts that offer it, but especially for email and banking accounts. This makes it much more difficult for an attacker to log in with a stolen password. Instructions depend on your provider, but most email and banking services offer this option now:

 

3. Never type a password into a website that was accessed via an email link. Attackers steal passwords by forging email from a well-known website with a link to a fake login form. The login page may look exactly like the real site, but the password is sent to the attacker instead. The forgery might even log into the legitimate site afterword to avoid raising suspicion.

P.S. Don't LET YOUR FRIENDS MISS OUT. Share this article:

Andrew Meyercord

By Andrew Meyercord, IT Systems Engineer

"Andrew is an IT veteran, having worked in the field since 1998, and has been with Merriman since 2016. He loves the supportive community at Merriman and knowing that colleagues are always looking out for each other, encouraging one another to succeed.

Andrew volunteers with the WGU Cybersecurity Club, helping other students prepare for cybersecurity competitions, and in his free time enjoys cooking and playing pool. He lives in Lake Forest Park with his partner Tara and two senior pit bulls, Sassy and Peekaboo. Though originally from Dallas, Andrew enjoys the trees, mountains, and ocean views of the Pacific Northwest and how no one takes a sunny day for granted."

Articles Straight to Your Inbox

Subscribe to Merriman's Envision Newsletter to receive in-depth articles and expert commentary, delivered monthly to your inbox:

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.

By submitting your information, you consent to subscribe to Merriman's email list so that we may send you relevant content from time to time. Please see our Privacy Policy.