Phishing: B.E.C. Holiday Gift Card Scam

Bill Haber | CO-Founder, TechOps


Make sure you can identify Business Email Compromise. There’s a not-so-new scam ruining office holiday parties and certain types of gift-giving this holiday season, and you should know how to avoid it. Its a type of Phishing that’s grown enormously in popularity this year, and it’s known as BEC- Business Email Compromise. 

According to sources including the FBI, the growth of BEC attacks using impersonation methods was a leading growth area for breaches in 2018. In December, The FBI warned of a 60% increase in false electronic mails targeting schemes including gift card fraud.

The good news, however, is that there are several ways to guard against this and prevent these scams, Here are some tips to keep in mind, and ones that be been permanently abided by through regular training:

  • First, always look at the email header of the sender. Is the email address correct? Identify email addresses that look similar but perhaps differ from the ones used by co-workers and executives (abc_company.com vs. abc-company.com).
  • Be VERY wary of requests to BUY multiple gift cards, even if the request seems ordinary.
  • Watch out for grammatical errors or odd phrasing. This can be a huge tip-off!
  • Give pause to pressure you to purchase the cards quickly. Always a red flag worth checking. 
  • Finally, if the sender asks you to send the gift card number and PIN back, suspect trickery! 
  • Don’t rely on email alone. Talk to your co-workers and make triple sure its a REAL request.

Requests for gift card purchases or wire transfers should ALWAYS be highly scrutinized. Additionally, make sure your business policy requires use of two-factor authentication and at a minimum a direct phone call to confirm any transfer of funds.

Keep your eyes open and have a great Holiday Season!