Blog / ‘Tis the Season for New Twists on Old Scams
Gift cards are convenient but not secure.
The Holiday season is upon us once again. It’s a time for charity, merriment, and generosity as people give a little more, be a little nicer, and soak up the spirit of the season. For most of us it’s also one of the more expensive times of the year, and not just because of the gift-giving. Food for family feasts, excessive amounts of chocolate, and a few bottles of holiday “cheer” can really add up. The holiday season puts a lot of money on the table for retailers, but while the holidays can often convince us to open our wallets a little wider than usual and most of those trying to reach into it use legitimate methods, there are also plenty of… let’s say “morally flexible”… people out there taking advantage of the hustle and bustle of the season to scrooge innocent people out of their hard-earned Christmas cash.
This year the morally-flexible Scrooges among us have found a new way to exploit gift cards, and no, I’m not talking about the fraudulent tax agents asking seniors for thousands of dollars worth of Apple store cards as you might have heard about. The scam I’m talking about today doesn’t involve targeting the vulnerable for a big one-time payday but instead hundreds and even thousands of small scale payouts, one of which might not ruin your entire retirement but can definitely ruin your Christmas morning.
Operation: Bad Elf
The scam revolves around a large scale operation in Sacramento, California. Throughout Operation: Bad Elf, law enforcement arrested over 200 people on a variety of retail theft and fraud charges. One of the most notable arrests was Ningning Sun, a Chinese national caught not just stealing gift cards from a Target store, but then replacing them. Following his initial detention, investigators discovered thousands more gift cards in Sun’s vehicle.
But why thousands of empty gift cards with no cash value that haven’t been activated yet? Well, criminals may be morally-flexible, but that doesn’t mean they’re not a creative or patient bunch. Sun would steal the gift cards and take them back to base, where he would meticulously remove the glue sealing each card, record their barcode and details, then reglue the packaging and return the gift cards to the store shelves. With each card’s vital statistics, Sun could monitor the available balance. Once the card was loaded and activated, the balance would be transferred away, with no one the wiser until they or the person they gifted the card to tried to use it and discovered the card was already empty.
And although Sun was just one man, Sacramento state officials believe he was part of a larger gift-card skimming operation, raising the possibility of this kind of gift card tampering happening across North America, be it as part of the operation or the result of other morally flexible individuals taking inspiration from his lead.
However, what’s interesting to note and important to remember from this story is that there was no hacking involved, and no deep technical vulnerabilities were exploited. Sun simply understood how the gift card system worked and had the desire to exploit it.
Gift cards have long been touted as a better option than giving cash. The problem is that gift cards are designed to be convenient and disposable, not secure. Indeed gift card scams have been around since as long as gift cards, yet the systems surrounding and protecting them have remained largely unchanged. This season it may be worth remembering that cash is still king and isn’t just more flexible but also immune to hacking when deciding what to stuff into those holiday cards.
This Shakespeare quote comes from the play Merry Wives of Windsor; “Well, if I be served such another trick, I’ll have my brains ta’en out and buttered, and give them to a dog for a new-year’s gift.”
If you’d like to discuss your options when it comes to digitally securing gift cards, or any part of your online store or presence, contact a TRINUS professional and we’ll be happy to help out.
Be kind, courtesy your friendly neighbourhood cyber-man.
PS: The entire TRINUS team, including our neighbourhood cyber-man, will be enjoying their well-earned holiday break next week. Don’t worry! Our 24/7 emergency services and technicians will still be available, but our offices will be closed and there will be no newsletter until the January 2, 2024 edition. We and everyone at TRINUS wish you and your loved ones the merriest of Christmases and happiest of holidays, and we’ll see you all again in the new year!