Milwaukee airport’s security manager has been fired after falling for a scam, buying gift cards and sending them to someone in Saudi Arabia posing as her boss.
- She was emailed by someone posing as the airport’s director. (She didn’t check the return address, which wasn’t his.)
- The scasmmer said he was planning “a surprise gift package for some of our staff” and asked her to pick up gift cards for the surprise, and that she’d be reimbursed – but not to tell anyone since it’s a surprise!
“Mum’s the word!” the email read. “I will need you to purchase the cards and you will be reimbursed. How soon can you get this done? Let me know so I can tell you how many cards are needed and also the value on each card.”
Initially she bought (3) $500 Google Play cards, (2) $200 iTunes cards, and (2) $100 eBay cards. She followed instructions, “scratch[ing] off all of the card PIN numbers and reply with photos showing the PIN numbers.”
Then the scammer got into high gear. He said two cards weren’t properly activated, and needed her to buy more – $3000 more. Eventually she asked her boss about the gift cards, and he told her he hadn’t emailed her and didn’t ask her to buy gift cards.
She’s the security director and she’s not careful dealing with online scammers. That’s not a good look, and she was let go for “substandard or careless job performance.” However what she ran into is very common and part of a multi-billion dollar scam that I’ve run into many times over the past three years.
I’ve written about how people commit credit card fraud but there’s another fraud I’m well acquainted with.
- Scammer looks up company website. Identifies name of the President or similar head of the organization, whom they impersonate.
- They email the CFO or Director of Finance. They’re out of the office, have an emergency payment to make by wire, and they need it expedited. They’ll often keep the amount under $50,000 thinking that it may require fewer approvals.
- In a particularly sophisticated version of the scam the email comes from one executive, is sent to a finance employee, and cc’s their boss. Someone impersonating their boss then replies with approval.
Of course in order to get the replies to these emails, the scammer isn’t using a real company email account. The ‘reply to’ address is a throwaway account (sometimes from a domain that looks similar to that of the company they’re trying to scam). Always check the email address of the person giving you instructions electronically.
Ultimately people want to be helpful and this is just a variation on an age old social engineering trick. Only in the digital age it’s leveraged so that scammers run off with 10 figures a year.
I’ve had this scam attempted twice, about 20 years ago , before internet and scams were synonymous. Both times able to identify it as a scam by emailing directly the person concerned. Those communications had gone to the entire address book /contacts list .
On the other hand, around the same time, what I thought to be a scam : a call from reception at a ‘take a rest hotel’ advising that an esteemed colleague had been ‘caught short’: woke up without a stitch of clothing, luggage, money. It turned out to be true, so I’m glad I didn’t ignore it.
I had this happen to me.
I was in the old UA First Class International Lounge at SFO on my way to BKK. Using the WiFI there.
My bookkeeper emailed me and said “Do you really want me to wire $35,000 to Italy for machinery”?
No, I said.
Turns out they made it seem like the email came from me,although it was misspelled. and of course, it’s always a rush…needs to be done now!
So this does indeed happen.
What’s the red arrow pointing at in the lower right hand corner of the picture?
What good are a couple of $200 iTunes gift cards? How much music can one person buy?
“buying gift cards and sending them to someone in Saudi Arabia”
Doesn’t sound like anyone was really in Saudi Arabia, or that the cards (as opposed to photos of the cards) were sent to anyone.
He was fired for stupidity as he should have been. End of story. Anyone that falls for scams like this doesn’t deserve to be in a position of responsibility.
@Christian- Gift cards are currency and are not limited to the actual type of card (ie Does not have to be used for iTunes). You can sell the gift cards for cash on sites for a 1%-10% discount on Raise and other sites, use them for currency on sites such as AshleyMadison, and ,any other ways to convert them to actual cash.
That photo reminds me of the good old days of yesteryear (2015) running from Office Depot to Office Max looking for scraps of $500 VISA gift cards when they had their $15 off $600 sales. Most stores sold out quickly because everyone was laundering them through Target Red Bird. Good times.
Thank you to all you points and travel bloggers for pointing me in that direction.
When I was the Treasurer of a 501(c)3, I received one or two “urgent” requests for transfers per month, purportedly from the organization president. Even if I had been asleep when reading these, our Bylaws and procedures required dual formal officer approvals before any expenditure could be sent, so it would have been impossible to do what was requested.
At least the scammer(s) knew not to ask for gift cards…
When I was the Treasurer of a 501(c)3, I received one or two “urgent” requests for transfers per month, purportedly from the organization president. Even if I had been asleep when reading these, our Bylaws and procedures required dual formal officer approvals before any expenditure could be sent, so it would have been impossible to do what was requested.
At least the scammer(s) knew not to ask for gift cards…
Something tells me this person was fired for more than falling for a scam.
She should have been fired. Even my 83 year old mother does not fall for these stupid tricks. My mom told the IRS agent to come over and arrest her , just use the fur covered handcuffs and she has her own. … the guy hung up on her.