Attackers Taking Advantage of California Wildfires in New BEC Scams
2018 has been the most destructive wildfire season on record for California, with over 7,500 fires burning an area of 1,667,855 acres, and causing almost $3 billion in damages. Countless people have been affected by the fires, losing their homes, businesses, livelihoods or loved ones. It’s not unusual that in a time of tragedy or disaster, when emotions are high, for attackers to prey on those affected, and that is exactly what happened with this attack.
A round of Business Email Compromise (BEC) scams have been sweeping California businesses. A BEC scam involves an attacker taking control of a CEO’s or other personnel high up in the business, email address. The attacker then impersonates the CEO and asks employees to carry out a certain action. Since the goal is usually monetary, the attacker will usually target the finance or accounting team, asking them to transfer funds into an account or something similar.
In this current wave of attacks, the scammers impersonate the CEO and tell employees they want to help clients that have been affected by the wildfires. Instead of asking for money, they ask for the employees to purchase Google Play gift cards. Once the gift cards have been purchased, the attackers ask for the redemption codes to be sent to them. The attacker can convert the codes into different currencies and sell them on the online market. The codes are practically untraceable, making Google Play gift cards an attractive choice for attackers.
One email involved in this scam read:
I will need you to get this done for me ASAP.
Please get me the Google Play gift cards. $500 denomination, I need $500 x 4 cards. We have some few clients caught up in the California wildfire disaster. I urgently need to send gift assistance. Do you think there is a store nearby you can get those? If yes, get that done. Just scratch out the back to reveal the card codes and email me the codes. How soon can you get that done? Its urgent.
The grammar and use of language make it clear this hasn’t been written by a native English speaker, so you may be wondering how employees fell victim to the scam. People often overlook such things when asked to urgently respond to something by a CEO.