Gift cards offer businesses a convenient way to reward employees and thank customers. However, as the FBI recently warned, gift card scams specifically targeting companies are on the rise. Since January 2017, losses from such fraud schemes have surpassed $1 million. Here’s what you need to know to avoid being cheated.
Anatomy of a scam
Fraudsters use classic “spoofing” strategies to execute what law enforcement terms Business Internet Compromise (BIC) scams. They email or text an employee, claiming to be someone who can authorize gift card expenditures, such as the company’s CEO or HR director.
Messages typically instruct the employee to purchase gift cards for the executive to give as gifts or to use for office expenses, such as holiday party supplies. The employee is told to send the gift card information, including card numbers and PINs, back to the “executive” (in reality, the scammer) who then cashes out the cards’ value. By the time the business catches on, it’s already too late to recover the stolen funds.
All companies are vulnerable to this type of fraud. But certain sectors seem to be at increased risk, including real estate, legal, medical, and distribution and supply businesses, as well as nonprofit organizations.
Prevention starts with education. Inform employees about the scam and ask them to be on the lookout for emails or texts that ask them to buy multiple gift cards on someone else’s behalf. They should be particularly suspicious if the email urges them to act quickly or to reply with the gift card numbers and PINs.
To be on the safe side, require employees to follow up on any electronically delivered purchasing request with a phone call to the requesting party. And to reduce the chance that employees will receive spoofed emails, ensure that your network security is robust and up to date.
Report and control
The FBI asks businesses to report BIC gift card incidents to its Internet Crime Complaint Center at http://www.ic3.gov.