The Ultimate Guide to Protecting Yourself from Gift Card Scams This Festive Season

Checking off that gift list this holiday season will look a little different than in previous years. Many shoppers intend to do a significant portion of their holiday shopping online. Digital gift card sales are also expected to rise.

However, given the expected increase in digital activity over the holidays, cybercriminals will be making their lists and double-checking them as well. It’s a particularly dangerous time of year, as shoppers of all ages (including those with less experience identifying digital threats) flock to search engines and online channels to place orders before holiday delivery date cutoffs. And opportunistic hackers know exactly how to create enticing, seasonally appropriate lures—and even the most basic scams can deceive savvy online shoppers.

Here are some of the most common cyber threats to be aware of during the holidays, as well as a few unusual outliers we expect to see this season as a result of the pandemic.

Scams involving holiday gift cards on the internet

Gift cards are a popular target for cybercriminals and scammers because stealing the money loaded on them is similar to stealing cash: once it’s gone, there’s almost no way for a victim to get it back (unlike credit card transactions, which allow chargebacks).

During the holiday season, when gift card purchases spike, thieves are looking for easy ways to profit. Some will even go so far as to manipulate store gift cards, scratching off the layer of protective coating to write down pin numbers and then “replacing” the coating with a sticker to make it look brand new. Scammers will enter those PINs into software that sends an alert once a gift card has been purchased and activated, and then drain all of its funds.

The account takeover attack is another common gift card-related ploy (ATO). These attacks are more common around the holidays. To obtain account credentials for a specific e-commerce platform, a cybercriminal first employs credential stuffing or password spraying techniques.

They then use this information to make purchases using that account information, frequently purchasing high-value electronic gift cards in bulk before spending those gift cards quickly to avoid being tracked down.

The best way to avoid becoming a victim of gift card scams is to be vigilant and adhere to the best practices outlined below:

• Set a strong password for each online account, and avoid using the same password on more than two platforms. To keep track of multiple accounts, use a password management app. If the site allows it, use random, non-duplicate User IDs as well. Unique usernames with unique passwords are preferable to unique passwords alone.
• Update your login credentials on a regular basis and keep an eye on your payment accounts for any unusual activity.
• When purchasing gift cards in-store, visually inspect them for signs of tampering before loading funds, and stick with retailers who keep their gift cards secure behind a checkout counter.
• When prompted via email, never agree to pay for online purchases with gift cards—the item you’re attempting to “purchase” most likely does not exist. Stick to retailers you know and trust, and ensure the website’s checkout system is secure. Credit cards are the most convenient way to pay because they provide some level of fraud protection. Remember that peer-to-peer transaction apps like Paypal (for friends without payment protection), Venmo, and CashApp should only be used between people you know and trust.

While COVID-19 has altered the holiday season in more ways than one, it is still possible to participate in your favorite traditions in a safe manner. We can connect with family and friends from the comfort and safety of our homes – and check off those gift lists without having to step foot in crowded malls and shopping centers – thanks to digital platforms. It simply necessitates a new level of vigilance, which, in turn, can become the new normal.

Stay safe online this holiday season by following these precautions: Never trust an email, text message, or phone call that comes from an unfamiliar number or source. Use common sense when looking for phishing signs. Regularly update login credentials. And, of course, share this information with anyone you think might benefit from it. After all, education is the most effective weapon in combating cybercrime.