State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Gift Card Scam Lures

NJCCIC Alert

Original Release Date: 7/7/2023

Summary

The NJCCIC observed multiple campaigns identified as gift card scams attempting to convince New Jersey State employees to purchase gift cards to extort funds. The emails are primarily from free email providers instead of corporate domains. Threat actors may spoof the sender’s display name, which may differ from the sender’s email address in the header information. Additionally, they may contain a reply-to address that is different than the sender’s email address. Subject lines contain keywords such as “touching base,” “favor,” and “check in,” and the fraudulent requests typically begin with a brief message inquiring if the potential victim is available. In the above campaign, threat actors request the recipient to let them know when they receive the email because they would like to ask them something. Similar campaigns may, for example, apologize for bothering the potential victim and inquire if they order from Amazon.

If the intended target replies, the scammer sends a request urging the potential victim to purchase gift cards and respond with the numbers found on the back of the cards. If submitted, the threat actors can use the gift card’s funds without the physical card since the funds are not linked to a specific person or entity. Additionally, victims typically will not be able to recover the funds used for purchasing the gift cards – even if the purchase was made by credit card – because the victim initiated the transaction, resulting in significant monetary losses.

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats and tactics to reduce victimization. Users are advised to refrain from responding to unsolicited communications, clicking links or opening attachments from unknown senders, and exercise caution with communications from known senders. If unsure of the legitimacy, contact the sender via a separate means of communication, such as by phone, before taking action. We remind users to refrain from complying with requests to purchase gift cards and sending the numbers to someone without first verifying the request via a separate means of communication. These are unusual requests or demands, typically portraying a sense of urgency, and should be handled with increased suspicion.

If gift card information is sent, immediately contact the company who issued the gift card to inquire if the funds are still on the gift card and can be frozen. We encourage users to report cyber incidents via the NJCCIC Cyber Incident Report Form, the FTC Complaint website, and the FBI’s IC3  website . Additionally, users who send unsolicited emails or messages through online platforms may violate account policies and terms of use and should be reported to the sender’s email provider or associated online platform. Additional information can be found in the FTC resource

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.