Apple and Amazon gift card email scam

Gift cards are popular with criminals as they are difficult to trace and can be used to launder money.

This scam begins with a fraudster sending a bogus email posing as someone in your contacts list requesting gift cards for a retailer such as Amazon.

The scammer gives a spurious reason as to why they can’t purchase the cards themselves, such as being out of town, too busy with work, or having an issue with their debit card.

As the message appears to be from someone you know, you might assume the request is genuine and agree to purchase the gift cards.

The scammer can then simply ask you to share the serial numbers of physical gift cards bought in a store, or request that you buy digital gift cards and send them to a specified email address. 

How do gift card scammers send the emails?

In some cases, the email account of your friend, family member or colleague has been hacked, perhaps through a password data breach (haveibeenpwned.com has a useful database of compromised accounts).

Once the scammer has got into an email account, they can send messages to the entire contacts list (and make a copy of this list).

In other cases, scammers spoof the email address of one of your contacts by changing the display name, or use an email address that closely resembles it and hope you don’t notice the difference.

Interestingly, a few reports to Which? suggest scammers may also use a combination of the two: sending the first email from the genuine address but all subsequent messages from a lookalike email address that closely resembles the genuine one.

This is perhaps because because they get locked out of compromised accounts quickly, for example, if the genuine account holder resets their password or blocks a suspicious login.

How to stay safe

Never answer an unsolicited email without making checks, even if it seems to be from a trusted source.

If you receive an email asking for personal data or any form of financial help, call that friend or family member on a trusted number and let them know their account may have been hacked. They should then change their password immediately to secure the account and warn other contacts that they may have received a malicious message

If you are a customer of Parish Web&Host please contact your Clerk for more information or request a support call.