MITA Security Operations team have been following a Phishing Campaign known as Business Email Compromise (BEC) Gift Card Scam targeting a number of government email users. The campaign impersonates senior Government of Malta officials, requesting targets to buy gift cards, with the possibility of furthering the scam using text message.
A typical email of this campaign:
• Does not hold a genuine email address, typically using an unfamiliar email address such as <email@example.com>;
• The subject of such emails generally start with [EXTERNAL] given they originate outside government;
• Content instils a level of urgency, typically indicating they are in a meeting or are heading into a meeting and need your help ASAP;
• Possibly not include the sender signature, but rather “Sent from my iPad” or “Sent from my Mobile” in order to make it appear as if the person is mobile and away from their desk;
• Asks to do them a “favor”;
• Asks to purchase numerous gift cards with the promise of reimbursement;
• Possibly have typos and grammatical errors;
• Appear to be sincere.
What To Do:
• Always verify the display name and the sender email address;
• Ask yourself, “would this person really ask me to do this?”;
• Call the sender to verify authenticity of the request;
• Do not reply to the email;
• Do not purchase any gift cards;
• Do not provide any personal information;
• Never divulge passwords.