When does buying gift cards for employees turn into a business email compromise attack? The simple answer is “when hackers are behind a gift card BEC scam.” Business email compromise (BEC) can be devastating to any company, especially when 60% of small-to-medium-sized businesses don’t survive these assaults. However, BECs target a wide range of victims, and it’s reported that hackers use gift card scams in 66% of their email phishing attempts. The importance of avoiding BEC scams can’t be overstated, and what helps protect against these cybercrimes should be of interest to employees and CEOs alike.
According to KDMARC, an email security company, last year’s losses from BEC scams totaled nearly $80,000 per attack. Since email phishing is the starting point on the road to success for BEC hackers, they’ve sharpened their skills over time, making the emails more effective and more likely to be successful.
What a BEC Gift Card Scam Looks Like
An innocent email from a CEO to their assistant requesting they purchase a number of gift cards to reward employees with, can go south quickly. Responding to the email request to the CEO that includes the gift card codes as proof of purchase gets a quizzical response from them, asking why the gift cards were purchased to begin with. Surprise! You’ve just been duped into being the target of a successful BEC scam.
The FBI’s Internet Crime Complaint Center (IC3) found the price tag for BEC losses last year totaled $1.8 billion. Many of these attacks can exceed the cost of gift card scams, with many BECs involving bogus requests for substantial wire transfers that can leave a considerable dent in a company’s bottom line.
Protect Against BEC Attacks