Email Security Blog

BEC Gift Card Scams Move Online During COVID-19 Pandemic

Patrick Peterson April 6, 2020 BEC, Business Email Compromise

With 60 million corporate employees working remotely due to the Coronavirus outbreak, cybercriminals are switching up their tactics in business email compromise (BEC) scams.

In what has been called the “world’s largest work-from-home experiment,” organizations around the globe are being forced to quickly transition to a remote workforce, ready or not. Cybercriminals have opportunistically adjusted to this new normal by updating phishing lures, malware, and other fraud techniques. BEC crime rings are no different.

Impersonation scams rely on gift cards as a cash-out method. In fact, gift cards are the most popular tool that fraudsters use to advance the scam from email message to fiat currency. All a threat actor needs to do is ask unsuspecting victims to send them a picture of the physical gift cards, which can then be sold for roughly 70% of face value in bitcoin.

This tried and true method is a gateway for laundering money and it isn’t just for BEC gangs, either. The tactic is widely used by state-sponsored threat actors such as Lazarus Group, the North Korean APT group behind Wannacry, to skirt US sanctions. But in the age of shelter-in-place orders and quarantines, this approach won’t cut it anymore.

BEC By Text Message: ‘Can You Run a Quick Errand?’

Before COVID-19, gift card scams were relatively straightforward. BEC actors would impersonate a company’s CEO or another senior executive in email requests asking a targeted employee to purchase physical gift cards.

The reasons given included a party for fellow team members, a vendor who needed to be paid in gift cards, or a bonus for specific staff members for outstanding performance during the past year.

Along the way, the fraudster would invariably ask the employee for their mobile phone number, ostensibly so they could communicate back and forth. By moving the conversation to SMS, scammers are able to bypass email protections and get a photo of the gift cards.

In almost every case, perpetrators would ask the employee to run to a store to purchase between $500 and $1,000 worth of gift cards. And it works. According to our latest email fraud trends report, gift card scams account for 62% of all business losses attributed to BEC attacks. That could represent more than $5.2 billion in business losses worldwide this year.

Faced with a newly remote workforce and shuttered stores due to the current crisis, BEC groups have suddenly needed to find a way to keep these sizable revenue streams flowing. And it looks like they may have found one.

Example: BEC email referencing employees working from home.

Going Remote: Gift Card Laundering When Stores Are Closed

Up until now, victims conned into going to the store and purchasing gift cards were instructed to scratch the back of the cards off and send a photo to the scammers. Needless to say, there are a lot of steps to this scam that could raise suspicions. But now, fraudsters have turned to digital gift cards, which come with a big upside – higher payouts.

Example: BEC email requesting online gift cards.

For in-store gift card purchases, most retailers attempt to curb fraud by limiting the number of cards that can be purchased in one transaction. But online retailers don’t seem to have the same restrictions. One BEC group we track that usually requests checks from BEC victims—a gang we’ve code named Exaggerated Lion—has recently included gift card requests in their repertoire, asking for as much as $15,000 in “surprise” gift cards for employees.

Example: Exaggerated Lion BEC email requesting $15,000 in gift cards.

Plenty of Scams In Store—and Out

BEC scammers haven’t written off real world stores completely, mind you. They just changed their targets. After much of the US went into lockdown, gift card fraudsters shifted away from large retail stores such as Target and Walmart, and toward local pharmacies such as CVS and Walgreens, as well as other businesses deemed “essential.”

Example: BEC email referencing specific “essential” store for a target to buy gift cards.

While we don’t yet have concrete evidence about how these stores come into play, it seems a safe assumption that victims asked to buy gift cards either comply, or are refusing to venture out and are instead looking for safer alternatives to make the purchase. The safest way for the scammers to cash out is through digital gift cards, and they just started doing it.

Trying to track the money chain from these crimes is extremely difficult, if not impossible, due to the lack of a networked gift card tracking system. And with virtually no limits on purchase amounts, this cash-out method is sure to catch on—while losses add up fast.

To learn more about gift card scams and other BEC email attacks, read the Q1 2020 Identity Deception and Fraud Trends Report from Agari.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

May 29, 2020 Ronnie Tokazowski

Business Email Compromise (BEC): W2 Scams Make an Unexpected Comeback in 2020

After barely registering a pulse last year, W2-based business email compromise (BEC) scams are back…

Agari Blog Image

May 19, 2020 Crane Hassold

Scattered Canary Cybercrime Ring Exploits the COVID-19 Pandemic with Fraudulent Unemployment and CARES Act Claims

Recently, news broke about how a sophisticated Nigerian cybercriminal organization has been committing mass unemployment…

Agari Blog Image

April 30, 2020 Armen Najarian

Business Email Compromise (BEC) Scams: COVID-19 Related Email Attacks Top Threat to Financial Services

With billions of dollars in stimulus being earmarked for US companies and individuals reeling from…

Agari Blog Image

April 28, 2020 Crane Hassold

COVID-19 Credential Phishing Scams: Feeding Off Coronavirus Fears

Since the beginning of February, we have seen more than a 3,000% increase in Coronavirus-themed…

Agari Blog Image

April 22, 2020 Patrick Peterson

Phishing and BEC Scams Targeting Remote Workers are on the Rise

Government officials are issuing fresh warnings about COVID-19 related business email compromise (BEC) scams targeting…

mobile image