- One notable aspect of gift card BEC attacks is that scammers target finance or HR employees.
- The scammers impersonate a wide variety of identities on the corporate ladder and make requests for expensive gift cards.
According to the latest report from the FBI, an estimated $1.77 billion was lost in 2019 to BEC scams, also known as EAC (Email Account Compromise) crimes.
BEC/EAC is a sophisticated scam that uses highly personalized emails from a ‘senior executive’ to pressure employees into making wire transfers for fraudulent invoices or gift cards.
Requesting gift cards, or asking for a fund transfer to pay for gift cards, is one of the oldest and most lucrative tricks to dupe employees. According to new reports from Agari, BEC scams that target gift cards accounted for 62% of all scams reported between October and December 2019.
Common gift card BEC attack
One notable aspect of gift card BEC attacks is that scammers target finance or HR employees. The scammers impersonate a wide variety of identities on the corporate ladder and make requests for expensive gift cards. Such scams often target the real-estate sector.
Agari highlights that in the last three months of 2019, the gift cards requested in BEC scams averaged more than $1600.
The ease of deploying such attacks and the availability of gift card codes online are some of the main reasons that boost the scale of these BEC scams.
“Perpetrators are free to phish multiple targets within the same organization, boosting the size of their potential bounty. And since gift card codes are easily resold online, they’re nearly impossible to track,” Agari explains in its blog post.
Most targeted sites for gift cards
Google Play remains the most requested gift card in BEC schemes. It was used in 16% of gift card fraud scams. Meanwhile, gift cards from eBay (15%), Target (13%), Walmart (9%), and BestBuy (8%) also saw significant increases in demand.
Other new trends
The last quarter also saw the rise of a new trend in BEC scams. Researchers found that some of the BEC scams were launched using free webmail services. Gmail ranks as the most weaponized of these platforms, accounting for 35% of all attacks. Roadrunner and brands like Earthlink and Virgin Media were also found to have drawn the attention of BEC scammers.
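The traits described above (an impersonated executive, a free webmail sender, a request for branded gift cards) can be combined into a simple mail-triage heuristic. The following is an added example, not code from Agari or the FBI; the executive names, the corporate domain, the webmail domains chosen for the named providers, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: mail domains for the free webmail providers the article names.
FREE_WEBMAIL = {"gmail.com", "rr.com", "earthlink.net", "virginmedia.com"}
# Gift card brands listed in the article.
BRANDS = re.compile(r"\b(google play|ebay|target|walmart|best ?buy)\b", re.I)
GIFT_CARD = re.compile(r"\bgift\s*cards?\b", re.I)
# Hypothetical executive directory and corporate mail domain.
EXECUTIVES = {"dana whitfield", "omar reyes"}
CORP_DOMAIN = "example.com"

def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Collect every text/plain part so multipart mail is covered too.
    body = "\n".join(
        part.get_payload(decode=True).decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    if display.strip().lower() in EXECUTIVES and domain != CORP_DOMAIN:
        reasons.append("executive display name from external address")
    if domain in FREE_WEBMAIL:
        reasons.append("free webmail sender")
    if GIFT_CARD.search(text):
        reasons.append("gift card request")
        if BRANDS.search(text):  # brand only counts alongside a gift card ask
            reasons.append("names a commonly requested brand")
    return len(reasons), reasons

# Constructed sample: executive name on a webmail address asking for gift cards.
SAMPLE_BEC = """\
From: "Dana Whitfield" <dana.whitfield.ceo@gmail.com>
To: payroll@example.com
Subject: Quick favor

Are you at your desk? I need 5 Google Play gift cards for client gifts today.
"""
# Constructed sample: ordinary internal mail from the real executive.
SAMPLE_LEGIT = """\
From: "Omar Reyes" <omar.reyes@example.com>
To: payroll@example.com
Subject: Q4 invoice schedule

Please send the updated schedule by Friday.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_BEC, SAMPLE_LEGIT):
        print(score_message(sample))
```

A score of two or more is a reasonable point to hold the message for review or add a warning banner; the threshold is a tuning choice, not a figure from the reports.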