How and why are gift cards used by scammers to steal money?
This question was answered on February 9, 2023. Much of the information contained herein may have changed since posting.
The use of gift cards is a favorite vehicle to extract money from victims for a variety of reasons: they are available everywhere, easy to buy, easy to use, and generally impossible to trace.
The lack of recourse for victims is also attractive to scammers.
The common thread in these scams is to create fear and/or urgency in the victim so they are so worried that they aren’t thinking clearly when asked to buy the gift cards.
Usually, it’s presented as a way to pay a late fee or overdue bill to avoid repossession, legal action, or the termination of critical services, such as power or water.
Social Engineering Tactics
The sophistication of predators’ psychological manipulation or ‘social engineering’ has been honed over many years and is constantly tweaked to ensure higher levels of success.
Posing as someone from a utility company, the IRS, or other government agencies they will demand immediate payment to avoid dire outcomes convincing their victims that they can avoid further issues if they pay via a gift card and will often stay on the phone with them while the victim drives to a local retailer.
They will also pose as a friend or relative that is having an emergency medical issue or has been arrested and needs financial help.
In all cases, once the gift card has been activated by the retailer, the scammers will ask the victim for the gift card number and any associated PIN if there is one.
Once that information has been given out, the scammers are off to the races to spend your money before you realize what has happened.
Closed vs Open-loop Gift Cards
Any gift card that can only be used at a specific retailer is known as a closed-loop card and many don't use a PIN to secure them.
This is the preferred type of card for scammers, which is why they will often demand that a specific brand of gift card be purchased.
Open-loop gift cards are often bank issued and can be used to make purchases anywhere and they have added layers of security such as a PIN to protect users. They can also be frozen or tracked by the bank, which is why scammers like to avoid them.
Gift cards that don’t need a PIN can be compromised without anyone ever contacting the victim.
A well-known online attack on retailers coined the GiftGhostBot uses an automated process to determine valid gift card numbers that have an open balance on them.
The automated bot randomly submits tens of thousands of card numbers per minute at websites that allow gift card holders to check their balances.
Once the bot confirms a gift card number with a balance that doesn’t require a PIN, it’s like giving the scammers cash.
That's why it’s important for anyone with a legitimate gift card to consider using it quickly to avoid this type of loss.
About the author
Posted by Ken Colburn of Data Doctors on February 9, 2023