Gift Card Scam Alert/Update

Leila Sharma

Please be advised that the Office of information Security (“OIS”) has seen a recent uptick in imposter scams. As an update to our posts on imposter scams and gift card scams (which are a type of imposter scam), please be on the alert and note the following 3 recent examples of these types of scams:  

Example #1

Screenshot of a phishing email requesting the urgent purchase of two $100 Amazon gift cards. Requests the gift card redemption numbers in the form of a photo of that information as it displays on the cards.

 

  • This message purports to come from an NYU executive and uses a sense of urgency, which is a common phishing ploy, to impel the recipient to action.

Example #2

Screenshot of a phishing email message requesting urgent assistance in obtaining iTunes gift cards

 

Example #3

Screenshot of phishing email with a subject of "Urgent" and stating "There is something I need you to do now" and further stating "You can only talk to me through Email".

Please Note: 

  • Both examples #2 and #3 purport to come NYU email addresses, and the sender’s email address in both examples contains familiar elements, nyu.edu@gmail.com and nyu.edu@outlook.com. NYU email will always be in the following format: [name/alias/or NYU NetID]@nyu.edu.  
  • Both examples #2 and #3 also use a sense of urgency to impel the recipient to action.
  • Although text in Example #3 states “You can only talk to me through Email”, please be reminded that it is a recommended best practice to confirm urgent or sensitive email requests via a trusted means of communication, such as a phone call to a trusted phone number, such as an NYU Directory phone number.
  • When viewing your NYU Gmail on mobile devices you may not see the sender’s email address display in entirety.  To see this address, click either “View Details” or or tap the the “>” to the right of the sender’s name.
    • However, since the sender’s email address can be “spoofed”, confirmation with the sender as per the above-stated best practice is the the top recommendation for confirming sensitive/urgent requests.