Beware: Scammers frequently use gift cards to steal money. They may send deceptive emails or text messages posing as your coworkers or supervisor, urging you to buy gift cards for a supposed special event. Learn More.
What are gift card scams?
These email phishing scams rely on impersonation and social engineering tactics to engage with victims to ask them to purchase gift cards. The attackers leverage authority and urgency in their requests and will frequently impersonate high-level executives, deans, or department chairs as part of the scam. After a few exchanges, the person asks you to purchase gift cards and send them the activation codes.
These attacks work because they are a simple, quick way to get money from their targeted victims, especially when the email is impersonating someone in the organization.
In 2024, hackers will still try anything to get someone to click on a link in a text message. This is what we call a smishing attack. Smishing, short for “SMS phishing,” is a type of social engineering attack where attackers use text messages to trick recipients into taking a specific action. This action could be clicking on a malicious link, downloading a rogue app, or providing sensitive information like passwords or credit card numbers.
Smishing is particularly dangerous because people tend to trust text messages more than emails, making them more susceptible to falling for the scam.
The attacker crafts a convincing SMS message, often with a sense of urgency. The message usually contains a link or asks for sensitive information. They then send the message to as many numbers as possible. If an unsuspecting person clicks the link in the email, the hacker can ask them for important information, get them to take some action, and, in some cases, even take control of their phone.
What should I do?
- If you get an email or text from a colleague asking if you “are available?” or asking for you to only “text them,” before responding, reach out to the sender in a separate email or call them to check if they actually sent the request.
- Don’t reply to the email or use any contact information provided in the email or text message – attackers often provide fake numbers or email addresses they control.
- If you discover the email or text (SMS) message is a phish, report it! Learn how to provide a Phish Alert.
| Example # 1: | Example #2: | Example #3: |
|---|---|---|
| From: [email protected]
Subject: URGENT REQUEST To: [email protected] you available ?No calls text only 8603072XXX BEST REGARDS <Name Removed> Dean |
From: XXX.subdomain.trincoll.edu
Subject: Quick question To: [email protected]’m in a meeting and need help getting some Amazon Gift Cards<Name Removed> |
From: [email protected]
Subject: URGENT REQUEST: What number can I text you at? To: [email protected]?<Name Removed> |
Common smishing messages are often time-sensitive messages, such as:
- Promises of free prizes that sound too good to be true (they are!)
- Promises of help with student loans and other debt
- Communications from financial institutions requiring immediate action
- Communications from government agencies, such as the IRS
- Tech support related scams from known companies (Apple, UPS, Microsoft, etc.)
- Health notifications, such as COVID notifications
- Delivery failure notifications from known entities
- Free software downloads
Reminders:
- Don’t click on unexpected links, even if coming from a known number. Remember that phone numbers can be spoofed.
- When in doubt of the legitimacy of a communication received, either delete it or contact the sender via a trusted means of communication, such as a trusted phone number, to confirm the message’s legitimacy.
- Trinity student on-campus jobs are posted on Trinity Handshake, and job offers are made directly from the Handshake platform.
- Only download from trusted sources such as Google Play and Apple’s App Store.
- Do not reply to unsolicited text messages because this confirms that your line is operational. Instead, filter and block callers.
- To report phishing of any kind, use the Phish Alert Button within Outlook or email [email protected]. You can also report spam using the FTC website.
