Threat Description

Nowadays, gift cards are a token of appreciation to a family, friend or co-worker. However, they prove to be troublesome when used to scam people; many people within the region do not know the difference between legitimate or fraudulent gift cards. These scams are generally part of a larger campaign, that goes unnoticed due to the small amounts of money that are stolen in regular intervals. The objective of such campaigns would vary from stealing personal credentials and financial details to even injecting malicious programs such as malware and ransomware. The typical victims of such scams are non-tech savvy users, who have little or no experience in checking the veracity of the content they view online. Examples of such scams include free flight tickets & merchandise, discounts, food offers etc. The scam is commonly spread via free messaging applications such as WhatsApp, or Social Media platforms like Facebook and Instagram, as they are free of charge, popular, and easily propagated through existing groups and connections. Due to their high frequency and exponential growth, the impersonators benefit greatly once these scams start expanding. Stolen data could include the following:

  • 1. Personal information that can be sold online such as names, addresses, birthdates, and email addresses etc.
  • 2. Financial details such as bank account numbers & credit card details
  • 3. Device information and IP addresses Furthermore, malware or ransomware could be installed on the victim's devices. Unwary users are easily susceptible owing to the scam seeming genuine; these scams redirect the user to a phishing website which looks very similar to the legitimate website. Only upon proper inspection of the URL, can such phishing attempts be identified.

To appear more realistic, the scammer may also replicate the original website’s design and layout. Usually, the scam artist will require the user to propagate the same message to several contacts before they are eligible for the ‘gift card’, thereby, spreading the scam faster.