Q: How and why are gift cards used by scammers to steal money?
A: Using gift cards is one of scammers’ favorite methods to extract money from victims for a variety of reasons. They are available everywhere, easy to buy, easy to use and generally impossible to trace.
The lack of recourse for victims is also attractive to scammers.
The common thread in these scams is creating fear and/or urgency in the victim, making them so worried that they aren’t thinking clearly when asked to buy the gift cards.
Usually, it’s presented as a way to pay a late fee or overdue bill to avoid repossession, legal action or the termination of critical services, such as power or water.
Social engineering tactics
The sophistication of predators’ psychological manipulation, or “social engineering,” has been honed over many years and is constantly tweaked to ensure higher levels of success.
Posing as someone from a utility company, the IRS or other government agencies, they will demand immediate payment to avoid dire outcomes, convincing their victims that they can avoid further issues if they pay via a gift card. Scammers will often stay on the phone with them while the victim drives to a local retailer.
They will also pose as a friend or relative that is having an emergency medical issue or has been arrested and needs financial help.
In all these cases, once the gift card has been activated by the retailer, the scammers will ask the victim for the gift card number and any associated PIN, if there is one.
Once that information has been given out, the scammers are off to the races to spend your money before you realize what happened.
Closed vs. open-loop gift cards
Any gift card that can only be used at a specific retailer is known as a closed-loop card and many don’t use a PIN to secure them.
This is the preferred type of card for scammers, which is why they will often demand that a specific brand of gift card be purchased.
Open-loop gift cards are often bank issued and can be used to make purchases anywhere and they have added layers of security, such as a PIN to protect users. They can also be frozen or tracked by the bank, which is why scammers like to avoid them.
GiftGhostBot
Gift cards that don’t need a PIN can be compromised without anyone ever contacting the victim.
A well-known online attack on retailers, coined the GiftGhostBot, uses an automated process to determine valid gift card numbers that have an open balance on them.
The automated bot randomly submits tens of thousands of card numbers per minute at websites that allow gift cardholders to check their balances.
Once the bot confirms a gift card number with a balance that doesn’t require a PIN, it’s like giving the scammers cash.
That’s why it’s important for anyone with a legitimate gift card to consider using it quickly to avoid this type of loss.
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.
