By BECKY RUTHERFORD
Los Alamos

What is a gift card scam? Most of the time this scam focuses on businesses, and emails might impersonate a CEO or other high level employee. The email would ask the employee if they could help with something, and if the employee responded the fake CEO would then request the employee purchase gift cards. These can also go after personal email accounts, as we are seeing in the latest scam.

Abnormal Security, a cybersecurity research firm, has uncovered a new cyber threat group they refer to as “Lilac Wolverine”. Instead of targeting businesses, they are targeting personal email accounts with the classic gift card scam. The cyber criminals compromise an email account, then use the information they get from that email account, such as email addresses, conversations, etc., to target a group of victims with phishing emails.

Rather than using the actual compromised account to send out phishing emails, they create a lookalike account. So instead of ilovecats2022@hotmail.com it might be iloveecats2022@gmail.com, changing the address by a letter or two, and moving to a different free email service. Or they might even keep the name the same and just change the email service to another one. Why would they do this? They don’t want the victim account to get responses to any phishing emails they send out.

What does this scam look like?

It’s the holidays, everyone is busy, and you receive an email from a friend or family member you haven’t heard from in awhile … maybe something like this.

Maybe a little odd, but nothing too alarming…right? So maybe you respond…

After getting a response, the cyber crooks will try to tug on the victim’s heart strings by saying they need to purchase gift cards for a very ill friend, don’t have access to their phone, etc. and can’t you please help? It’s understandable you might want to help an old friend, this scam takes advantage of our natural desire to help.

This campaign is believed to still be active … be aware, watch out for signs of a gift card scam:

• Unexpected and urgent requests, particularly emotional subjects requiring immediate action
• Messages claiming to come from someone you know, yet something feels off
• Any ask for money or gift cards from anyone should be considered suspect

According to Abnormal Security, Lilac Wolverine especially targets personal email accounts hosted on AOL, Yahoo, BellSouth, Verizon and Rogers webmail services. The group goes after a lot of accounts, their extremely high attack volume has made the group one of the most successful gangs the research firm has seen to date. This high volume is what makes the scam a success! Most people won’t fall for it, but when they do it’s an easy payday for the bad guys.

What else can you do to prevent these scams? Keep cyber criminals from compromising your email in the first place by using a strong password and MFA (multi-factor authentication) to protect your account. MFA is easy to set up with most email services, it can text you a code, or you can use a code generator like Google Authenticator, or a physical security key like Yubikey.

Have a happy holiday season, be good to each other, but be a Grinch to scammers! Don’t fall for the bait, and lose your holiday funds to a phish.

Editor’s note: Becky Rutherford works in information technology at Los Alamos National Laboratory.