Cyber Monday & Black Friday: New Gift Card Scams Are Flourishing In 2021

by | November 29, 2021 | Cybersecurity News

Cybercrooks are actively preying on people flocking online for Black Friday and Cyber Monday in two relatively new ways: fake merchandise and crypto-jacking.

Cyber Monday & Black Friday Gift Card Scams

Scammers have come up with brand new tactics to improve their gift card scams. Researchers highlight some of these ill-intended strategies – fake gift-card generators that install malware created to exfiltrate the victim’s cryptocurrency wallet address.

Online Black Friday and Cyber Monday scams have become concerningly common, and so have shoppers’ vigilance. This is why the bad guys are constantly implementing new techniques in their attack strategies. In a Tuesday blog post, Malwarebytes Labs’ researchers warned of 2021’s latest gift card scams. One new method involves offering gift cards for much less than face value to convince targets to buy stolen gift cards or even download malware.

“If you see websites offering all kinds of discounts on gift cards, you can be assured that these will turn out to be fakes or they have been acquired in an illegal way and you could be acting as a fence,” wrote Pieter Arntz, Malwarebytes malware intelligence researcher.

Bogus Gift Card Generators

Experts say they have been observing a series of websites claiming to provide “gift card generators,” which people can use to generate codes for all sorts of gift cards. The malicious sites can be compelling, for they use major brands such as Roblox, Google, Amazon, Xbox, and PS5.

The unlucky users falling for these scams will download fake gift card generators and be informed right before trying to use them that they don’t actually generate valid gift card codes, but only “random codes for ‘educational purposes,’” Arntz noted. Likely this happens after people complete surveys and enter personal information.

However, these scams can take an even more nasty turn – the generators can sometimes download malware to the victim’s system, experts warned.

Gift Card-Themed BEC

Arntz warned that no legitimate company would ask you to pay in gift cards.

Whether they claim to be with the IRS, Microsoft, or your service provider, if someone asks you to pay for something by putting money on a gift card, like a Google Play or iTunes card, you can safely assume that they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card, ” he explained.

Cyber Monday BEC gift card scams are targeting lower-level employees.
Pretending to be an email from the CEO and telling an employee to buy $2000 worth of iTunes gift cards. Credit: Malwarebytes

Choose A Different Gift This Year

Many gift cards end up going unspent anyway, so you can find ways to get more creative with the gifts you offer to your loved ones. This will not only bring you more appreciation, but also keep you from falling prey to online Black Friday and Cyber Monday scams.

According to a Bankrate survey conducted in July, 51% of U.S. adults currently have unused gift cards, vouchers, or store credit, and 49% of Americans lost one at some point.

If you’re still keen on purchasing gift cards online this holiday season, then keep in mind one simple rule – “if something sounds too good to be true, it is probably not true at all,” Arntz said.

Even though it may seem unpersonal to give money as a present, the chance that the receiver will get something that they need or like is so much bigger than with a gift card. Should you still want to buy a gift card, make sure to get them from a reliable source and check that the receiver will make good use of it,” he concluded.

Sources:

Threatpost New Twists on Gift-Card Scams Flourish on Black Friday

Malwarebytes Please don’t buy this! 3 gift card scams to watch out for this Black Friday

Attribution:

Business card photo created by jannoon028 – www.freepik.com

by Diana Panduru

Content writer for Attack Simulator. Passionate about all things writing and cybersecurity, and obsessed with driving. I sometimes indulge in pencil drawing, poetry, and cooking for fun.

There’s no reason to postpone training your employees

Get a quote based on your organization’s needs and start building a strong cyber security infrastructure today.