Please don’t buy this! 3 gift card scams to watch out for this holiday season

Please don’t buy this! 3 gift card scams to watch out for this holiday season

With the holiday season around the corner, we thought it was a good time to look at the dangers that come with gift cards.

Gift cards can be an easy win in cases where you don’t know the receiver well enough to decide on a fitting gift, or when their wishes are out of your price range. But there are a few things to consider before you hand over your cash.

1. Fake gift cards

You will almost always need to pay full value for legitimate gift cards, so gift cards being offered for significantly less than the face value should be treated with extreme caution. Of course, it could be that they are from people that have no use for the gift cards they received, but it’s hard to tell who and who isn’t genuine. If you see websites offering all kinds of discounts on gift cards, you can be assured that these will turn out to be fakes or they have been acquired in an illegal way and you could be acting as a fence.

2. Gift card generators

One step up on the “scale of scammery” from fake gift cards are gift card generators. There are quite a few websites that claim to provide gift card generators that you can use to generate the code for all kinds of gift cards. Some of the major brand names that are used include Amazon, Roblox, Google, Xbox, PS5.

If you download a gift card generator and you are lucky, it will inform you just before you try it that it does not generate valid gift card codes, but only random codes for “educational purposes.” That is, after you have filled out endless surveys, and maybe even after given up some of your personal information.

In the worst case scenario, you will end up downloading a piece of malware to your system. In one case, researchers found a file titled “Amazon Gift Tool.exe” that was being marketed on a publicly available file repository site as a free Amazon gift card generator. In reality, the malware watched a user’s clipboard to find text that matches the normal length of a certain type of cryptocurrency wallet address. If other criteria were met, to ensure that the victim was involved in a Bitcoin Cash transfer, the malware replaced the string on the clipboard with the attacker’s Bitcoin Cash wallet address. The attacker was hoping that the victim wouldn’t notice the overwritten crypto wallet address when pasting it during the crypto transaction, and that the transfer would go to that of the cybercriminal instead of the intended recipient.

It always helps to keep in mind that if something sounds too good to be true, it is probably not true at all. This definitely applies to a tool that would allow you to create gift cards for free. That’s pretty much like having a money press in your basement.

3. Scammers like your gift cards

There is one group of people that does have a taste for gift cards, and that is scammers. Whether they claim to be with the IRS, Microsoft, or your service provider, if someone asks you to pay for something by putting money on a gift card, like a Google Play or iTunes card, you can safely assume that they’re trying to scam you. No real business or government agency will ever insist you pay them with a gift card.

We have seen live examples of business email compromise (BEC) attempts that ask for gift cards, like the one below:

gift card scam

Business Email Compromise (BEC) is a catch all term for a spoofed email pretending to come from an authority figure, with the intent to use social engineering to reach an outcome, usually financial gain, by convincing you to do something that you normally wouldn’t.

Not forgetting those gift cards that go unspent…

According to a Juy 2021 survey by Bankrate, more than half of US adults (51%) currently have unused gift cards, vouchers, or store credits totaling roughly $15 billion in outstanding value. Additionally, 49% of US adults have lost gift card/voucher/store credit value at some point because they let at least one of these expire (29%), they lost at least one (27%), or they failed to use at least one before the business closed permanently (21%).

Basically what it boils down to, is you are paying full value for something that only gets used roughly half of the time.

Conclusion

As one of my friends in the US used to say:

“The best gift cards have a number and a president on them.”

Even though it may seem unpersonal to give money as a present, the chance that the receiver will get something that they need or like is so much bigger than with a gift card. Should you still want to buy a gift card, make sure to get them from a reliable source and check that the receiver will make good use of it.

Stay safe, everyone!

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.