There Is A CEO Gift Card Scam That Appears To Be Targeting Women In Corporate Environments

I was recently called in to assist a company that is being targeted by a threat actor running a gift card scam. The scam itself isn’t new, but the attack vector is new, at least to them, which is why I got the phone call. Let’s start with the scam itself. The threat actor sends the potential victim an email like this:

Let’s dissect this email. First of all, the email supposedly comes from the “President & Chief Executive Officer” of the company. But it’s pretty clear that isn’t the case, because the email actually comes from a gmail.com account:

The reason the CEO is so often used to perpetrate these scams is that threat actors believe victims will be more likely to comply if the email appears to come from the “CEO.”

Next up is the quality of the English, which is actually not bad in this case, with one exception: the subject line, “IDEA TO IMPROVE MORAL,” ruins it in a hurry. Beyond that, the email asks the potential victim to buy gift cards and asks for confidentiality, which is meant to make sure that nobody tips off the potential victim that this is a scam. You’ll also note the “Sent From Mobile Device” line, which makes sense from the threat actor’s point of view as cover for anything in the email that seems “weird.” Finally, while I have redacted sensitive information, the email addresses the potential victim by name, which makes it feel personal rather than a copy-and-paste exercise. And of course, the end game is to get the victim to buy hundreds of dollars’ worth of gift cards and send them to the threat actors.
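One way to turn those tells into a mailbox-side triage check, as an added example that is not from the post or the company involved; the protected executive names, company domain, scoring weights and the sample message are all constructed placeholders:

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed placeholders: executive display names worth protecting and the
# company's own domain. A deployment would pull these from the directory.
PROTECTED_DISPLAY_NAMES = {"president & chief executive officer", "jane doe"}
COMPANY_DOMAIN = "example-corp.com"
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
GIFT_CARD_RE = re.compile(r"\bgift\s*cards?\b", re.I)
SECRECY_RE = re.compile(r"\b(confidential|between us|do not tell|don't tell)\b", re.I)
MOBILE_RE = re.compile(r"sent from (my )?mobile device", re.I)

def score_message(raw: str):
    """Return (risk score, indicators that fired) for one RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    text = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hits = []
    # The strongest tell: an executive's display name on mail from outside the company.
    if display.strip().lower() in PROTECTED_DISPLAY_NAMES and domain != COMPANY_DOMAIN:
        hits.append(("executive display name from outside domain", 3))
        if domain in FREEMAIL_DOMAINS:
            hits.append(("free-mail sender domain", 1))
    if GIFT_CARD_RE.search(text):
        hits.append(("asks for gift cards", 2))
    if SECRECY_RE.search(text):
        hits.append(("asks for confidentiality", 2))
    if len(subject) > 5 and subject.isupper():
        hits.append(("all-caps subject", 1))
    if MOBILE_RE.search(text):
        hits.append(("'sent from mobile device' excuse", 1))
    return sum(w for _, w in hits), [name for name, _ in hits]

def is_suspicious(raw: str, threshold: int = 5) -> bool:
    """Flag a message for review once enough independent indicators stack up."""
    return score_message(raw)[0] >= threshold

# Constructed sample modelled on the message the post describes, not the real one.
SCAM = """\
From: "President & Chief Executive Officer" <ceo.desk.placeholder@gmail.com>
To: newhire@example-corp.com
Subject: IDEA TO IMPROVE MORAL

Hi Sam, I want to reward the team. Can you pick up some gift cards today?
Keep this confidential until I announce it.
Sent From Mobile Device
"""
```

No single indicator is decisive on its own (executives do mail from phones), so the check only flags when several stack up, and the returned list tells the reviewer which ones did.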

Now in this company’s case, these emails were targeted specifically at women who were recent hires at the company. That’s likely not a coincidence. My guess is that the threat actor believes women in general are more likely to comply. But they may also believe that recent hires haven’t yet gone through any sort of security training, which makes them even more likely to comply. Thus I suspect that the threat actor is trolling a source like LinkedIn to build a list of potential victims to work from.

The best way to stop scams like this is education: educating staff to spot and stop these scams before they become a problem. While there are free courses that can provide this education, I strongly recommend having companies like KnowBe4, CIRA, Webroot, Proofpoint and others train your staff, as this type of scam relies on taking advantage of the weakest link in your security posture: the human being at the other end of the email the threat actor sends. There is no technology that can solve for that.

Failing that, the other thing that stops these scams from being successful is awareness that they exist, which is why I am putting this out there: this seems to be an active campaign that likely has some degree of success. Not with this company, as they were able to spot it and not get sucked in, but it is likely successful with other companies that aren’t as aware as this one.
