Fake Boss Gift Card Scam

No, Your Boss Isn't Messaging You About a Gift Card.

September 15, 2021
Michelle HackerBy Michelle Hacker
Director of Digital Services

You would never ignore a message from your boss, right? That’s exactly what scammers are counting on.

The FTC is warning people about a type of “boss scam” where scammers trick employees into buying gift cards by pretending to be their supervisor. Fake boss scams have already cost U.S. companies billions of dollars, and this particular gift card version could be on the rise as so many employees continue to work remotely.

In this article, I'll talk about the fake boss gift card scam, along with ways you and your business can protect yourself.

What is a fake boss scam?

A fake boss scam is a text or email scam in which fraudsters pretend to be a supervisor and request gift cards (or some other payment) to be sent to them, for a variety of made-up reasons.

Here's how it works:

STEP 1 - The scammer scours the Internet for names and emails of a company's high-ranking supervisors. They'll also search for job titles, telephone numbers and other important information about the company, to help disguise their request.

STEP 2 - The scammer hacks into the supervisor's business account, or spoofs a similar email domain that's hard to notice (for example “boss@microsoft.com” becomes “boss@micr0soft.com”). Or, they could create a fake email account through GMail, Yahoo or another service, and make an excuse for sending something from their “personal” email. Finally, they could spoof a phone number from your area code and send a text message instead.

STEP 3 The scammer sends the request to a lower employee, asking to buy gift cards for a random reason and send the gift card numbers or PINs back via email or text.

Maybe the scammer needs a gift card to pay for an upcoming “office party.” Maybe it’s to support a “charity” of some sort. They might even ask the employee to foot the bill, and promise to pay it back later. But once someone hands over a gift card or PIN number, the money will be gone and the business — or even worse, the employee — will be on the hook.

Examples of a boss gift card scam:

Fake Boss Scam Email Example
An example of an email from a fake supervisor's “personal” account to an employee. Source: The Ohio State University Cybersecurity

Fake Boss Scam Text Message Example
Real example of a 2021 text message from a fake employer to an employee, seeking Target gift cards.
Source: New York Attorney General's Office

The scammer might sound just like your boss, and may even know details about you or your company that you’d never expect a fraudster to know. But remember, that's what professional “phishers” do — they gather enough information to convince you they are someone they’re not.

Why would a scammer want gift cards?

Criminals love gift cards, because they're like cash — only without the money trail. Once the money is used, it's gone. Gift cards also don't offer the same protections as other payment methods, like credit or debit cards. 

Remember, gift cards are for gifts — not payments. No legitimate business or government agency will ever insist that you pay with a gift card.

How to avoid a fake boss scam:

There are some common-sense measures you can take to protect your business from a boss gift card scam.

  • Pause and verify. Scammers create a sense or urgency to prey on your emotions — especially when a boss is involved. Do NOT reply directly to the text or email, instead reach out and confirm the request with your manager through a different email or phone number you trust.
  • Spoof-proof your company’s email. Work with your IT department to set up security and spam filters on your company email. You should also configure an “external email warning” that will add a warning message to the top of any emails that come from someone outside of your organization.
    screenshot: external email warning
  • Have a robust phishing training program. Google “phishing training” to find a variety of phishing awareness and training programs out there to help protect your business. Through tutorials, tests and fake phishing emails, you can gradually train employees to better spot and respond to dangerous threats.

If you happen to spot a fake boss scam, or your business is targeted by one, notify your real supervisor right away and report it to ReportFraud.ftc.gov.

Was this article helpful?

We want to provide solutions that matter, when you need them most. Get the latest fraud and security updates by subscribing to our free newsletter. And if you have any further questions, contact us today.

About the Author

Michelle Hacker

Michelle Hacker is the Director of Digital Services at Security National Bank, overseeing all personal and business digital platforms for customers. She is a graduate of Iowa State University and has nearly a decade of experience in the technology and financial service field.