Carnegie Mellon University
March 11, 2019

Gift Card Scam Uses Phony Academic and Administrative Leadership Emails

Cyber criminals use a variety of attack methods to obtain personal or financial information. One of the more sophisticated is spear phishing: a targeted attack against a specific individual, organization, or business. In a spear phishing attack, the attacker uses social engineering (psychological manipulation) to trick the victim into divulging sensitive information or taking an action, such as making a payment on the attacker's behalf.

One spear phishing campaign that the Information Security Office (ISO) has recently become aware of tries to trick users with a series of emails that appear to come from academic or administrative leadership and ask for gift card purchases. The scam typically begins with an email that seems to be from a dean, a director, or even the President of the University. The email asks whether the employee is available or on campus and conveys that there is something urgent the sender needs done. If the employee replies that they are available, the sender responds that they are in a meeting or very busy and needs the victim to buy iTunes or Google Play gift cards from various locations, scratch off the back of each card to reveal the code, and send the codes by email. Faculty and staff at Carnegie Mellon University have been vigilant in spotting and reporting these emails, and no one has fallen victim to them.

Let's look at a real example of a gift card scam that circulated on campus this year. The initial message and the follow-up that recipients received if they replied are both shown below, with the red flags numbered.


1. From: Farnam Jahanian <farnam.jahanian@my.com>
Reply-To: Farnam Jahanian <farnam.jahanian@my.com>
Date: Wednesday, November 7, 2018 at 2:57 AM
To: NAME REDACTED <REDACTED@cmu.edu>
2. Subject: Hello
3. Are you available at the moment?
Best Regards,
Farnam Jahanian
President
Carnegie Mellon University


From: Farnam Jahanian <farnam.jahanian@my.com>
Reply-To: Farnam Jahanian <farnam.jahanian@my.com>
Date: Wednesday, November 7, 2018 at 8:31 AM
To: NAME REDACTED <REDACTED@cmu.edu>
Subject: Re[2]: Hello

4. I'm tied up in a meeting right now, Can you purchase iTunes Gift Card 3 pieces - $100 each? I would reimburse you when I'm through here, Let me know also I would prefer to call you but I can't receive or make calls during this meeting.

5. Please, I need this right away.

Thanks
Farnam Jahanian
President
Carnegie Mellon University


1. The sender's domain is my.com, not the Carnegie Mellon domain (cmu.edu). Other gift card scam attempts have used unfamiliar domains or free webmail providers such as Gmail. The scammer may also put "cmu" in the username portion of a Gmail address to make it look official, for example iso-ir.cmu@gmail.com; the domain after the @ is still gmail.com. Be sure you are looking at who actually sent the message: the display name ("Farnam Jahanian") can be set to anything, so check the full address and domain in the From header, and check the Reply-To header as well, since replies may be directed to an address different from the one shown in From.

2. The subject line, "Hello," is generic, and an unsolicited message from the President of the University is unexpected.

3. The email has no greeting, which is a red flag, especially in a message that claims to come from the President. The message is also unusually short.

4. A request to purchase gift cards and send the card codes by email is not how legitimate University business is done. Gift card codes are as good as cash to the scammer and cannot be recovered once sent.

5. Creating a sense of urgency is a common tactic scammers use to pressure readers into acting quickly, without pausing to verify the request. If in doubt, confirm the request through a channel you already trust, such as the person's known office phone number, rather than by replying to the email.
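The five red flags above can be checked mechanically against a message's headers and body. The following script is an added example and is not part of the ISO article or any CMU tool; it applies those checks to three constructed sample messages, two of which reproduce the scam headers and text shown above and one of which is a made-up legitimate message for comparison. The organization domain (cmu.edu), the list of free webmail providers, the keyword lists and all function names are this example's own assumptions.

```python
"""Red-flag checks for a 'boss needs gift cards' email (added example).

Not part of the CMU ISO article. ORG_DOMAIN, FREEMAIL, the keyword patterns and
the sample messages below are assumptions constructed for this demonstration.
"""
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "cmu.edu"                                    # assumed legitimate org domain
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com", "my.com"}  # assumed list
GIFT_CARD = re.compile(r"\b(itunes|google play|gift ?cards?|steam|amazon)\b", re.I)
URGENCY = re.compile(r"\b(right away|urgent(ly)?|asap|immediately|as soon as possible)\b", re.I)
GREETING = re.compile(r"^(hi|hello|dear|good (morning|afternoon|evening))\b", re.I)
RE_PREFIX = re.compile(r"^(\s*re(\[\d+\])?:\s*)+", re.I)  # strips "Re:" / "Re[2]:" prefixes
GENERIC_SUBJECTS = {"", "hello", "hi", "request", "quick request", "available?"}

# Constructed samples. The first two mirror the scam messages quoted in the article.
SCAM_1 = """From: Farnam Jahanian <farnam.jahanian@my.com>
Reply-To: Farnam Jahanian <farnam.jahanian@my.com>
Date: Wednesday, November 7, 2018 at 2:57 AM
To: NAME REDACTED <REDACTED@cmu.edu>
Subject: Hello

Are you available at the moment?
Best Regards,
Farnam Jahanian
President
Carnegie Mellon University
"""
SCAM_2 = """From: Farnam Jahanian <farnam.jahanian@my.com>
Reply-To: Farnam Jahanian <farnam.jahanian@my.com>
To: NAME REDACTED <REDACTED@cmu.edu>
Subject: Re[2]: Hello

I'm tied up in a meeting right now, Can you purchase iTunes Gift Card 3 pieces - $100 each? I would reimburse you when I'm through here, Let me know also I would prefer to call you but I can't receive or make calls during this meeting.
Please, I need this right away.
Thanks
Farnam Jahanian
"""
LEGIT = """From: Jane Doe <jdoe@cmu.edu>
Reply-To: Jane Doe <jdoe@cmu.edu>
To: NAME REDACTED <REDACTED@cmu.edu>
Subject: Budget meeting agenda for Thursday

Hi,
Attached is the agenda for Thursday's budget meeting. Let me know if you would like to add an item.
Thanks,
Jane
"""


def sender_domain(header_value):
    """Domain of the address in a From/Reply-To header, ignoring the display name."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def local_part(header_value):
    """Username portion of the address in a header (the part before the @)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[0].lower()


def red_flags(raw_message):
    """Return the list of red flags (from the article's five) triggered by a raw message."""
    msg = message_from_string(raw_message)
    from_dom = sender_domain(msg["From"])
    reply_dom = sender_domain(msg["Reply-To"]) or from_dom
    subject = RE_PREFIX.sub("", msg["Subject"] or "").strip().lower()
    body = msg.get_payload()
    body_lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    flags = []
    # 1. Sender domain: not ours, org name hidden in a freemail username, or Reply-To differs.
    if from_dom != ORG_DOMAIN and not from_dom.endswith("." + ORG_DOMAIN):
        flags.append("sender domain is %s, not %s" % (from_dom, ORG_DOMAIN))
    if from_dom in FREEMAIL and ORG_DOMAIN.split(".")[0] in local_part(msg["From"]):
        flags.append("organization name hidden in a freemail local part")
    if reply_dom != from_dom:
        flags.append("Reply-To domain %s differs from From domain %s" % (reply_dom, from_dom))
    # 2. Generic subject line.
    if subject in GENERIC_SUBJECTS:
        flags.append("generic subject line: %r" % subject)
    # 3. No greeting on the first line of the body.
    if not body_lines or not GREETING.match(body_lines[0]):
        flags.append("no greeting")
    # 4. Gift card request.
    if GIFT_CARD.search(body):
        flags.append("gift card request")
    # 5. Urgency language.
    if URGENCY.search(body):
        flags.append("urgency language")
    return flags


if __name__ == "__main__":
    for name, raw in (("scam 1", SCAM_1), ("scam 2", SCAM_2), ("legitimate", LEGIT)):
        print(name, "->", red_flags(raw) or ["none"])
```

The first scam message trips three flags (external domain, generic subject, no greeting) before it asks for anything; the follow-up trips all five. A keyword filter like this is a triage aid, not a substitute for verifying an unexpected request through a channel you already trust.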

Fortunately, the recipient of this email noticed the red flags and reported it to iso-ir@andrew.cmu.edu.

The ISO is grateful for timely reports of phishing attacks. The sooner recipients report concerns, the sooner the ISO can take steps to safeguard the rest of the university community.

For more information on gift card scams, see the following links.
https://www.wired.com/story/email-scammers-gift-cards-nonprofits/
https://blog.knowbe4.com/scam-of-the-week-the-boss-needs-itunes-gift-cards-for-customers...-now