Fraudsters increasingly use business email compromise (BEC) to commit gift card fraud, according to a press release by eCommerce fraud prevention solution Chargebacks 911.
BEC is a form of Account Takeover Fraud (ATO) that involves fraudsters gaining access ot the account of an executive or high ranking member in a company or organization. They then use the account to send emails to employees requesting bank account details and money transfers. Funds sent get rerouted into the fraudster’s own bank accounts.
Traditionally, this type of scam focuses on cash. However, a new fraud trend is to ask employees to purchase gift cards — which are notoriously difficult to track. Fraudsters can then use the gift cards to make purchases wherever they are accepted. This attack is particularly popular right now as the winter holiday season approaches. In the press release, Chargebacks 911 COO Monica Eaton-Cardone explains the problem:
“In this type of fraud, the fraudster gains access to the business email system and impersonates an employee, often a high-ranking executive, sending requests to lower-level employees requesting that recipients purchase gift cards—which are difficult to track, easy to buy and hold value just like cash” she said.
Research already shows BEC attacks succeed at an alarming frequency. However, the increasing use of artificial intelligence (AI) by fraudsters makes them even more dangerous for merchants. Specifically, AI provides new capabilities to mimic the behavior of legitimate requests — the key factor that allows BEC attacks to succeed.
“Some fraudsters employ artificial intelligence tools to mimic the style and vocabulary of people in the organization. To combat this problem, employees need to be explicitly authorized to confirm any request for an unusual expenditure by contacting the putative sender,” Eaton-Cardone said. “This will be particularly important during the coming holiday season, when unusual requests and deviations from normal procedure may more easily pass unnoticed.”