Beware the gift card email scam
December 1, 2020
Jessica Murray
Share |
An assortment of gift cards.
Photo: Phil Johnson

“Are you free at the moment? Let me know ASAP.”

This is the kind of email that may get your attention, especially if it’s from someone higher up in your organization. But be on guard – most likely it’s an email scam that’s been making the rounds. The Security Team in Information Systems and Technology (IS&T) has received several reports about it.

Here’s how it works:

You get a short email from someone in your organization, usually a higher-up, saying that they need you to respond ASAP. If you respond, usually they ask you to purchase gift cards or wire money somewhere.

The scammer has just spoofed the email address that it appears to be coming from (often just changing the display name), not compromised any account. Often scammers will target an entire lab or one person’s direct reports. The MIT organization structure is openly available on our websites, which makes it easy for scammers to get contacts.

Here’s an example:

From: Tim Beaver <tbeaver.mit.edu@domain.com>

Hello,
I would like to know if you are free at the moment? Let me know ASAP.
Regards

So don’t fall for this fake request if you get one. Instead, take a minute to read up on common email scams in the Knowledge Base.

IS&T asks that you please report all suspicious emails to phishing@mit.edu so our Security team can improve the Institute’s spam filters and block malicious senders and links. Be sure to forward such emails as an attachment to preserve information the team will need to do so.

To report an IT security threat or incident, please contact the IS&T Security Team at security@mit.edu or IS&T Security.