Real World Risk Management Practical HR Resources
Are you a new user?


The Holiday Gift Card Scams Are Upon Us

If your boss emails you and asks you to send a gift card as a favor, it is a scam.

According to the Federal Trade Commission (FTC), scammers impersonate their victim's boss by either spoofing or hacking the boss's email account. In the email, the scammer claims to need the victim's help with a task such as an office surprise party, a company event, or an errand.

The scammer, claiming to be the person's boss, then asks the victim to help them out by paying them with gift cards, promising to pay the victim back later. However, once the victim shares the gift card number and PIN, the money is gone.

If you receive an unexpected email like this claiming to come from your boss, the FTC advises not paying for anything with a gift card. The FTC states, "Gift cards are for gifts, not payments. If anyone asks you to pay with a gift card, it's a scam."

The FTC also recommends calling your boss using their known number, not a number listed in the email, or someone else in the office if they cannot be reached.

If you see this type of scam, report it to the FTC at Ari Lazarus "Your boss isn't emailing you about a gift card" (Sep. 08, 2021).


It is especially important to remember the FTC’s advice during the holiday season, when cybercriminals take advantage of the fact that many people are shopping online and purchasing or using gift cards.

Whereas credit cards often include fraudulent purchase protections, gift cards come with no such protections. Therefore, cybercriminals may ask victims to pay them in gift cards to guarantee that they will get their money and be able to make purchases without triggering a fraud alert.

Other types of cyber scams involving gift cards include websites claiming to sell deeply discounted gift cards, which are generally stolen or contain malware; websites offering to check the balance of your gift cards, which steal the gift card number; and websites offering gift cards in exchange for completing a survey, which gather your personal data and give you a fake gift card.

A number of websites this holiday season contain “gift card generators” that claim to provide users a code for gift cards to major brands such as Amazon, Google, Xbox, and Playstation. After the user fills out a survey asking for personal information and downloads the generator, they are informed that it does not provide valid gift card codes. Instead, researchers say, the generator downloads malware onto the victim’s computer.

Best practice is to never trust an email or website requesting payment by gift card, offering a gift card for very cheap or free, or offering to provide gift card-related services. Remember, scammers love exploiting gift cards.

Finally, your opinion is important to us. Please complete the opinion survey:

Why Your Access Control Policy May Be Your Most Important Cyber Policy

The FBI says an employee of a tech firm is the perpetrator of its recent systems hack and ransom plot. Read how your system access controls can help prevent the inside cyber risk.

read more

Why A Balanced Approach Of Response And Preparation Is Needed For Data Security

A recent study found that IT personnel recognize how proactive risk assessment steps can minimize damage from a systems breach. However, do they have the time? Learn more.

read more

Checking For Skimmers: A Day-To-Day Security Task

Performing visual and physical security checks can help you spot credit card skimmers. Learn more about this identity theft risk.

read more

Online Account Takeover Fraud Spiking: Are Unique And Strong Passwords The Answer?

Account takeover fraud is on the rise. Read ways to protect yourself from this form of identity theft.

read more