A new email scam is hitting campus inboxes with messages that mimic university administrators requesting that employees purchase gift cards.
According to the Information Technology Services security team, the messages begin with two primary messages — “do you have a minute” or “can you help me.” When a victim responds that they can help, the scammers send a second email requesting the purchase of gift cards (usually from iTunes) to be distributed to students or for some other excuse.
The scam also requests that, after a purchase is made, the victim send a message with the gift card numbers and/or photos of the back of the cards with silver security strips removed. Once the information is received, scammers use the cards for purchases and, sometimes, send additional purchase requests.
A few of the requests have been completed, spurring scammers to pepper university inboxes with more requests.
“Now that the thieves have been successful, they are going to be relentless trying to trick people,” said Cheryl O’Dell, security awareness and incident response manager for ITS.
If faculty or staff receive a similar purchase request via email there are two easy methods to check its validity: contact the sender directly via phone, face-to-face visit or a separate email message; and/or click the email sender name while viewing the message on a computer — not a smartphone — as it will display the actual “from” address.
While a great way to deliver a present or award, gift cards are a favorite way for scammers to steal money. According to the Federal Trade Commission, gift card requests are the No. 1 payment method asked for in these imposter scams. Some methods to defend against these scams include:
Verify the request with the individual via a phone call.
These scams can prey on our fears — such as late bills and Internal Revenue Service audits — and make individuals react. Take a moment and contact the businesses involved before responding to an email.
A utility or similar agency will never ask for a payment to be made via gift card. These requests should be reported as soon as possible — even if individuals went through with the scam. Quick responses can help thwart the scam.
Popular vendors and methods of reporting fraud include:
Report all cases of fraud or scams to the FTC online and to the University of Nebraska’s cybersecurity office. Campus resources are useful and often result in direct assistance.
Call 1-888-280-4331 for scams involving Amazon. Learn more about Amazon gift card scams.
Call 1-855-466-4438 to report scams involving Google Play gift cards. Learn more about Google Play scams.
Call 1-800-275-2273 (then press 6 for other and say “operator”) to connect to an iTunes representative. Learn more about iTunes scams.
Learn more about how awareness and caution are key to avoiding phishing scams.
Learn more about this and other email scams affecting the university.