By Trevor Collins, Network Security Engineer at WatchGuard Technologies
As the holiday season rolls around each year, many people search far and wide for a perfect ‘something’ to give each of their loved ones to mark the occasion. At the same time, many people out there tend to let the holidays “sneak up” on them year after year – and end up scrambling to purchase last-minute presents for anyone and everyone on their lists as a result. Not only are gift cards a likely choice for the folks who find themselves in the latter camp, but they’ve also become an increasingly popular gifting option in general due to their flexible nature and wide availability year-round.
But gift cards are also becoming a popular attack vector for a growing number of scams. While these stocking stuffers might seem like a convenient and safe way to pass along a little cash (especially for those strapped for time or simply seeking a more neutral token of appreciation to give, say, an acquaintance or a coworker), purchasers and recipients alike can still be impacted by gift card scams. In addition to these scammers’ usual tricks, each new holiday shopping season also brings new and more maliciously creative twists that consumers need to watch out for. Due to the large number of gift cards purchased during the holiday season, there is typically an increase in gift card-related scams – both in cyberspace and the physical world. Fortunately, we have expert tips to help consumers acquire gift cards safely and protect themselves and their loved ones (or their acquaintances, coworkers, etc.) from getting scammed.
- Gift card scams – In general, we recommend that people make online purchases with alternate forms of payment other than their personal debit and credit cards… but solicited gift cards are NOT one of them! If any seller asks you to pay with a gift card, instructing you to buy one and then use its assigned number to complete your purchase with them, run—don’t walk—from that seller. It may be surprising that this scam still works, but it’s an excellent way for someone wanting to steal money from you to accomplish just that while staying under law enforcement’s radar.
- Purchase from a trusted source – Keep an eye out for the fake and/or look-alike eCommerce sites that pop up during this time of year, especially those with deals that seem to be “way too good to pass up.” Shady gift card sellers lurking around the web often provide “discounts” to draw in more victims. If you’re going to shop for gift cards of the digital variety online, it’s important to stay vigilant and beware of fake websites, as these destinations often contain fake or stolen gift cards.
It’s easy for a cybercriminal to spin up a website disguised as an online kiosk, even one secured by SSL/TLS (the little lock that appears in your web browser to indicate a secure site). It might look “official,” but it doesn’t guarantee that you will be able to make a legitimate purchase – of a gift card or otherwise. If you find yourself on an unfamiliar website, use the Better Business Bureau (BBB) or another online reputation checker to verify that it’s a legitimate and trusted merchant before buying anything.
- Inspect the back of the card – A physical gift card only works once the seller has activated it with the hidden PIN or barcode on the back. Of course, malicious actors have figured out a way around this. To do so, these scammers will snatch a stack of gift cards off a sales rack and then proceed to scratch off the cards’ backs to record their associated PINs without even leaving the store. To hide this action, they cover the PINs back up again using similar pieces of scratch-off tape that they brought with them. This allows the scammer to use the card themselves as soon as the physical card they’ve tampered with has been purchased and activated through a legitimate sale.
To avoid getting scammed like this yourself, be sure to carefully examine the condition of any physical gift card you’ve picked up off the rack before checking out at the store. Keep an eye out for any hint of foul play. If the original ‘scratch-off’ coating on the back of a gift card has been replaced or otherwise tampered with, there will usually be marks on the card itself that indicate any such tampering.
- Save your gift card receipt – When you buy a gift card, always save your receipt! Keeping the receipt alone won’t prevent you from being scammed, of course, but if you get unlucky and fall victim to a gift card scam, your receipt holds essential details that can help you recover some or all of the money that was lost. If you suspect you’ve been scammed after a purchase, call the number on the receipt as soon as possible and ask them to cancel the gift card immediately.
While sneaky scams might make some people afraid to buy gift cards, they don’t have to be. With some common-sense tips and best practices, we can all better recognize and avoid this kind of malicious activity as we’re wrapping up our last-minute holiday shopping (or making gift card purchases at any other time of the year, frankly).
At the end of the day, the most effective defense comes down to just wearing a skeptical, questioning hat and verifying things before you trust them. If you keep these tips in mind when purchasing or using gift cards, you should be fine with gifting these handy certificates and popular stocking stuffers this holiday season without succumbing to any tricky cons.
Trevor Collins is an information security analyst and network security engineer at WatchGuard Technologies, specializing in network and wireless security. Trevor earned his security know-how and several certifications through his past military experience in the United States Air Force. Trevor is a regular contributor to Secplicity.org where he provides easily understood data analysis and commentary to IT professionals. Trevor’s experience with a wide range of network security vendors and technologies allows him to provide unique perspectives to the industry.