Search Information Security site

 

Main menu

Don't Get Gift Card Scammed

Gift cards were the top payment method for imposter payments in 2018, supplanting wire transfers -- in other words, a gift card is a modern hacker’s preferred method of payment. This is the case for a few reasons. Gift card balances are tracked less carefully than bank account balances, and online accounts with gift card balances are less secure than banking platforms. Gift card codes can also be stolen both physically and electronically. And once gift card codes are used the money is gone, unlike wire transfers that can sometimes be reversed.  Below, you can read about different types of gift card scams, and how you can protect yourself from nefarious gift card scammers. 

In Store Gift Card Hacking

Criminals can go into any grocery store in the world with a gift card display and steal money. They simply pull a card (or many cards) off the display, discretely scratch off the covering, and replace it with a sticker they can purchase online after recording the code in their phone. The hacker can then use the code, and the customer that actually purchases the card will be disappointed to find that their code has already been redeemed. 

How you can prevent it: 

Check to make sure the back of the card has not been tampered with before you purchase it. If the sticker looks strange in any way, trust your gut and consult a store employee. You can also choose to only purchase gift cards from online stores, or to purchase physical gift cards at stores where the cards are kept behind the counter under the watchful eye of an employee at all times. 

Scanner Bots

Leaving a card in your inbox or wallet unredeemed can put your card balance at risk for theft by scanner bots. Artificial intelligence machines can rapidly input random gift card numbers and pins to a gift card redemption webpage (which is not protected by a password). Once they have identified a valid combination of numbers, they can sell the information for the value of the gift card. The key for hackers in this method is quantity; the Tech Times says that bots can run through 1.7 million combination attempts in an hour. 

How you can prevent it: 

The easiest way to protect your balance is to redeem the card as soon as possible. Once your card is redeemed, the balance is protected by your account password. You can also check your gift card balance frequently to ensure that no one has stolen your money. 

Phone and Email Scams

You may receive emails that appear to be from reputable brands, or phone calls, texts, or emails from imposters claiming to be someone you know, real companies or government agencies (often the IRS). Hackers attempt to get you to click on links that download malware or input your financial information by sending you fake opportunities to get free money, usually in the form of gift cards. 

How you can prevent it: 

If it seems too good to be true, it probably is. If a “brand” or the “IRS” is offering you free money that you weren’t expecting, then you should immediately be suspicious. For example, companies run promotions all the time, but they don’t often give out $100 gift cards. You can always call the company and make sure that they sent you the promotion. Do not input your financial information under any circumstances without verifying the legitimacy of the offer.   Rather than answe the phone call - let it go to voicemail and then rather than call back the number the voicemail provides, call the IRS or local police using the phone number you lookup.   If it's a text or email, again - contact the person or agency using contact information you lookup.  Never use "Reply To" in response to the email or text.

For specific tips to recognize and protect yourself from gift card scam emails or texts, please check out our gift card scams webpage.   We also have two real-life examples of gift card scams that have happened at UVA on our Security Alerts webpages - click here for one and here for the other.

 

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form