Skip to content

Saturday December 21, 2024 Salt Lake City, UT

Cyber Security

TOP STORY

Media Alert

Press Release

Protecting Utah

SIAC Reports Increase In Gift Card Scams Targeting Businesses

Tuesday March 31, 2020

DPS’ Statewide Information and Analysis Center has seen a recent spike in gift card scams both in Utah and nationwide.

This scam is typically a Business Email Compromise (BEC) variant, as cyber criminals will impersonate a senior level employee and ask a subordinate to hurry and get them a gift card because they are in a meeting or traveling.


The SIAC recently provided the below recommendations geared for businesses or organizations.

  • Craft a policy for identifying and reporting BEC and similar phishing email scams. Make sure to include the following components.
  •  When receiving unusual financial or sensitive data requests, users should verify the identity, authenticity, and authority of the email sender via non-email channels.
  • Users should ensure that the email is going to the correct person. The true recipient of an email can often be verified by hovering the mouse over the address in the email header.
  • Users should reply by forwarding, and not by hitting the “reply” button, which helps to prevent successful spoofing attacks.
  • Train staff in the human resource and finance departments to identify potential BEC scam emails and follow the suspicious email policy. Indicators of BEC spam emails can include:
  • Poorly crafted emails with spelling and grammar mistakes.
  • The wrong or an abbreviated signature line for the supposed sender.
  • The use full names instead of nicknames and a language structure may not match how the supposed sender normally communicates.
  • That the only way to contact the sender is through email.
  • The transactions are for a new vendor or new contact at a known vendor.
  • Develop a BEC Incident Response Plan including emergency contacts with at the appropriate financial institutions in case it becomes necessary to stop a transfer.
  • Ensure human resource and finance department employees have a policy for out-of-band verifications (e.g. verbal confirmations, etc.) of direct deposit, account changes, or wire transfer requests. Collaborate with human resources and finance departments to ensure their policies are supported by technological solutions.
  • Flag emails from external sources with a warning message in the subject line.
  • Implement filters at your email gateway to filter out emails with known phishing attempt indicators and block suspicious IPs at your firewall.
  • Report BEC scams to the MS-ISAC, local law enforcement, and the Internet Crime Complaint Center (IC3) https://bec.ic3.gov/. Tax-related suspicious emails should be reported to the IRS. If there is a financial loss, notify the bank to stop payment and involve local law enforcement.
###

MEDIA CONTACT

Hillary Koellner
Director of Public Affairs
Department of Public Safety
hmkoellner@utah.gov

SHARE THIS MEDIA ALERT

More Videos in this Series

Motorcyclist Killed on I-80

June 20, 2020

Fatal Crash: San Juan County on SR-191 at Milepost 78

May 11, 2020

Utah’s New Lane Filtering Law

May 8, 2019

More from the News Room

Test

August 2024

Our News Has Moved

July 2024

I-80 Fatal Motorcycle Crash (Updated 6/25/24)

June 2024