Phishing artists have found a new way to get inside companies as the holiday season unfolds: by asking employees to purchase gift cards, according to Barracuda.
The perpetrators are asking office managers, executive assistants and receptionists to buy and/or send them the cards, saying they are for employee rewards.
The scheme is based on the fact that companies typically ask office managers and others to purchase gift cards for the holiday season. The emails often pretend to be from the CEO of the company.
Barracuda has seen an uptick in this type of activity since early October.
In one typical email, sent on November 1, the attacker writes:
“Can you let me know if we can purchase some Google Play Gift Card today at the store. Do get back to me so I can let you know the type of gift card and denominations.”
According to a post put up today by Barracuda, there are four basic tactics:
In the latter case especially, the employee will be under implied pressure to act quickly.
Barracuda writes that such attacks are difficult for traditional email filters to spot because they are targeted and do not contain any clear malicious signals. In addition, they do not contain suspicious payloads such as links or attachments.