With the holiday season in bloom, watch out for scams that promise free gift cards or offer to check your gift card balance, says Bolster.
Gift cards are always a handy option as a holiday present, especially these days when you may not be able to see family and friends in person. But gift cards are also an easy target for cybercriminals to exploit. A report released Tuesday by fraud prevention company Bolster looks at two types of gift card scams ringing in the holiday season and offers tips on how to avoid them.
SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
Online shopping continues to rise, especially as consumers concerned about COVID-19 and feeling a financial pinch avoid brick-and-mortar stores. Gift cards are plentiful and available from most retailers such as Amazon, Target, and Best Buy.
Thanks to the growth in e-commerce, gift cards are expected to see a 13% compound annual growth rate this year, according to research firm Technavio. As a result, though, cybercriminals are anxious to get in on that action.
Gift card scams first jumped during March and April as the coronavirus pandemic resulted in lockdowns that forced many people to turn to online shopping. After a quick respite over the summer, these scams surged in September and on into November. This latest increase matches the start of the holiday shopping season, including Amazon Prime Day in mid-October. In fact, November saw the biggest volume of new gift card scams with 6,881 new malicious sites and more than 229 such sites popping up each day.
The retail and gaming industries are the areas most often targeted by gift card scammers, according to Bolster. In November, these two sectors compromised 59% of all online gift card scams. Always popular around the holidays, these areas are getting a boost this year with the unveiling of two hotly anticipated new gaming consoles from Microsoft and Sony.
Based on its own research, Bolster discovered two types of gift card scams gaining traction.
Check your gift card balance
In this scam, bogus websites offer to help you check the balance of your gift cards but instead steal your gift card numbers. As one example found by Bolster, cybercriminals set up a fake Target gift card balance checker website. The layout, text, and colors used are identical to those on a legitimate Target gift card balance checking site.
After someone enters a gift card number, the site displays a continuing message that indicates a "checking balance" status or some type of error, leading people into thinking the site isn't work. Behind the scenes, though, the valid gift card numbers are captured by the scammers who use them to make purchases or resell them.
Though this malicious site looks real, certain elements can tip you off that it's bogus. None of the links on the page actually work as the scammers wouldn't want you to leave the site to check out other Target pages. The URL for the page employs a typo-squatting scheme, presenting a domain name that's similar to a legitimate one.
Other Target gift card scam sites spotted by Bolster were less sophisticated and therefore less likely to fool users. In these cases, the actual Target logos and colors aren't used, while the text itself reads as if the writer learned English as a second language. By not using Target's official logo, however, this type of site is more apt to evade detection.
Survey scams with gift card offer
In this scam, sites offer phony free gift cards for completing surveys. The sites claim that they can check for unused gift card codes, which they're more than happy to offer you for free if you fill out a quick survey. The real goal is to collect personal data about you that they can then sell to other companies.
Among the many gift card survey scam sites found by Bolster, more than 1,000 appear to be from the same group. Using a consistent template and pattern, these sites tout gift card offers from such retailers as Amazon, Google Play, AliExpress, Bath & Body Works, and Forever 21.
Designed using sophisticated techniques, the sites create a sense of urgency to keep you interested. After you select a gift card amount, the site makes you believe that it's searching its own database to find the right match. After a partial gift card code is dangled before your eyes, the site asks you for such details as your name, address, phone number, and date of birth. From there, one survey after another pops up with more and more questions to answer before you supposedly receive the entire code.
To help you avoid these types of gift card scams, Bolster offers the following advice:
- Always use the retailer's site to check gift card balances. Avoid checking your gift card balance on third-party sites. All retailers that offer gift cards have pages on their own websites that can check a gift card balance.
- Go to a site by typing the retailer's URL directly. Do not use a search engine such as Google to find a gift card balance checker page. Scammers are known to deploy search engine optimization tactics to rank high on search engine queries to lure unsuspecting victims. Using a search engine could cause you to browse to a fake URL that closely resembles the real site.
- Remember there are no free gift cards. Though it is tempting to believe that today is your lucky day, nobody gives out free $50 gift cards for a few minutes of your time.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- All the VPN terms you need to know (CNET)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)