"Analysts Track Gift Cards to See How Scammers Use Them in BEC Attacks"

Cofense analysts recently conducted a five-week experiment to gain insight into how scammers use gift cards in Business Email Compromise attacks (BEC). The email security firm bought $500 worth of trackable gift cards to see what scammers did with them. The analysts used the gift cards to participate in 54 live BEC attacks in a five-week evaluation period to see what they could learn. According to Cofense, gift card scams operate similarly to other types of BEC scams in which a company executive is impersonated in order to persuade an employee to make wire transfers or help commit other financial fraud. The scam has since been expanded to include payroll diversion, invoice fraud, check fraud, and gift cards. If the unsuspecting victim has taken the bait and responded to the scammer, they will be directed to a nearby store to purchase gift cards, usually in $100 or $500 denominations. According to an FBI alert issued in May, global losses in BEC scams increased by 65 percent between July 2019 and December 2021, totaling $43 billion. The speed with which scammers moved funds surprised the analysts. Each gift card was stolen, resold, and used for purchase within 24 hours. The analysts also discovered that scammers preferred brand-specific cards such as Apple, Steam, or Google Play and were reluctant to accept Cofense's trackable cards, but many did. In one notable entry, a scammer impersonated Cofense's CEO in an attempt to steal money from a senior researcher who has been working to raise BEC awareness. This article continues to discuss the study on how scammers use gift cards in BEC attacks. 

SC Media reports "Analysts Track Gift Cards to See How Scammers Use Them in BEC Attacks"