Whenever there is a tragedy, some lowlife will try to take advantage of it. Such is the case with a new round of BEC scams that try to take leverage the California wildfires to defraud their victims.
A BEC scam stands for Business Email Compromise and is when an attacker gains control of a CEO, or other executives, account or impersonates them in emails sent to employees. These phishing emails instruct an employee, typically ones in involved in accounting, finance, or administration, to perform a particular action. These instructions typically involve transferring money or some other item of value to the attacker.
In this particular campaign, the scammers pretend to be the CEO of a company who tells an employee that their clients have been affected by the California wildfires and that they need to send then assistance. This is when things get a bit weird, because instead of asking for money to be transferred, they request that the employee go out and buy Google Play gift cards, reveal the redemption codes, and then send them back to the attacker.
According to Agari, who discovered this BEC campaign, if an attacker is sent codes they can they convert them into other currencies on underground or online markets.
"Once the criminal is in receipt of the codes, which are practically untraceable, they can then exchange them for currency from any location in the world using a multitude of online services."
Below is the text for one of these wildfire BEC scam emails.
Hi, I will need you to get this done for me ASAP. Please get me the Google Play gift cards. $500 denomination, I need $500 x 4 cards. We have some few clients caught up in the California wildfire disaster. I urgently need to send gift assistance. Do you think there is a store nearby you can get those? If Yes, get that done. Just scratch out the back to reveal the card codes, and email me the codes. How soon can you get that done? Its Urgent.
With the numerous typos, grammatical issues, and the bizarre request to send assistance using Google Play gift cards as wildfire assistance, you would think that people would never fall for these scams. Unfortunately, in an overworked and fast paced environment, people may sometimes act without thinking.
Therefore, it is important that all employees confirm any request to transfer funds or perform some other monetary transaction. This confirmation should not be done via email in the event that the account is compromised, but rather by calling and asking the person who allegedly sent the email.