Skip to main content

Has your boss asked you to buy an iTunes gift card? Yes, it's a scam

Scammers have a myriad of ways to get you to part with your hard earned cash, but one of the most tried and tested ways to get it is through a simple gift card. They're not only last minute Christmas presents, they're also a hackers dream - as they leave no trail, no way to track where your money has gone.

There has recently been a resurgence in these kinds of scams, and although it's not the most sophisticated kind of social engineering it's still worth covering so that you don't end up out of pocket. How it works really depends on the scammer who's running the show, but for both businesses and individuals it follows the same basic formula. 

If you're getting scammed at work...

The scam will probably start with an email like the one our receptionist received. The two key things that every successful scam needs to establish are trust and urgency; the longer you have to think about what's happening, the less likely you're going to fall for a scam. And if it comes from a person or company you trust, you're always more likely to take their word for it.

In this case, the email came from one of our directors, Adam Kuznesof. The email reads, 

'HI Katherine, Please confirm if you are available, I have an urgent request for you. Thanks, Adam Kuznesof.' 

Immediately the sender has put themselves in a position of trust as masquerading as a director of the company, and established the urgency; the subject line is 'Quick Request!'. 

After receiving a reply from Katherine, there's a second email which reads, 

'I need you to run an errand for me at any store e.t.c nearby. I need Apple iTunes gift card to send to a client today. Confirm if you can handle this? Adam Kuznesof'. 

Note that there's a delay in revealing the entire request - building up trust through an email thread is a common technique used by scammers. It was here that Katherine realised this was not our director at all, and so didn't care to continue the conversation.

If the victim had carried on replying, the scammer would inform them of the amount of money they want on the gift card (reportedly up to £15,000 across numerous gift cards). They'd then ask for the serial number of the card, and disappear - or repeat the trick a few more times, if they can get away with it. 

If you're being scammed at home...

Admittedly, this scam is harder to pull off when you're targeted at home. With no boss to assume the authority of, the scammers have to come up with other ways of gaining your trust quickly and easily. One of the ways they can do this is by calling you, pretending to be from a government department - just like emails, hackers can fake the phone number of a group or organisation you'll recognise. 

After that, they'll establish the urgency. Maybe it's tax or a bill due, but they'll be very insistent that it has to be paid right this second. Just like the scam for businesses, they'll recommend that you load money onto an iTunes gift card for security reasons, or to avoid reading your card details over the phone - there are a lot of nefarious people out there after all! 

Once you've purchased the gift card, they'll want that magic number on the back so they can access the funds - and before you know it, you're off the phone and wondering what the hell just happened.

But what do scammers want with iTunes cards?

iTunes gift cards are great to sell on - you can use the serial code rather than having to meet to exchange the card itself, and scammers can often sell them at a fraction of the price they were purchased for. This can be done on the Dark Web incredibly easily, even paid for with Bitcoin or another cryptocurrency, and the seller can remain completely anonymous. 

How can I avoid this scam?

The business version of this scam is easily avoided by double checking the sender's email address. Although the tag might say Adam Kuznesof, the sender address was something completely different. Also take the time to check the tone and the language used in the email - presumably, you receive emails from your boss all the time. Does this sound like a normal request? Does it remind you of the way they write? If you're not convinced, it is always worth double checking by phone - no matter what the urgency of the task is, better to ask rather than spend your company's money on thousands of pounds worth of gift cards.

The out-of-work version of this scam is a little trickier. Whereas most people will start to wonder why government departments are demanding money from them in the form of gift cards, of all things, the most vulnerable in society are at risk - particularly people who aren't as technologically savvy. If you're in doubt about a phone call you've received, always contact the department directly using their phone number (not the one that the scammer has lead you to!) and ideally using a different phone. As with all of these scams, better to be safe than sorry.

Tweet us @TranscenditUK


The Transcendit Way

Transcendit understand that when you choose to work with us, whether we're taking care of your IT, app or web development, you're trusting us with part of your business. So whether we're looking after your computers, phone systems or servers we always do things 'the Transcendit way'.

The whole of our team adhere to the same values, beliefs and policies - the principles that were written when Transcendit first formed in 2000. Whether you come to us for cloud services or recovery backup you can be confident that you'll always receive the same excellent service.

The Transcendit way outlines how we do business; following the same straightforward principles with every client and customer, regardless of how big or small they may be.

That means we get to know you and your business. We offer you a friendly, professional and efficient service, and we'll always be honest with you.
We understand that not everybody speaks fluent IT, so we try to explain things in a way that is simple and clear. We always spend as much time as is necessary explaining things to you.
If you need to talk to us about something, no matter how insignificant, we are only ever a phone call away – and we’re never too busy to make you a cup of tea and have a sit down with you in person.
We understand how frustrating it can be when things are late. When we schedule an appointment with you, we are there when you’re expecting us. If something prevents us from getting there, we always call you in advance to let you know.
Sometimes things can go wrong, but we never lie to you or try to cover something up. If things go askew we tell you what’s happened and how we plan to prevent it affecting your business.
We want you to continuously benefit from working with us. We regularly discuss your business and make suggestions for improving systems and processes wherever we can – but we never try to push you into a purchase.
When we quote a fixed price, that's always the amount we charge – you won’t find any nasty surprises on a bill from us. If you are paying by time and materials, we inform you if our approximations could change.
We understand the importance of privacy for your business and your customers. We respect the confidentiality of your data, and we will never pass on your information to third parties.
We appreciate it when you take the time to give us feedback. A system called CustomerSure records our client's responses, so you can trust that our reviews are from real people.
Find out what they're saying here.
We have taken on some account managers from our local competitors, and by all accounts Paradigm is leagues ahead of anything else out there. The benefit it is giving our business from both an account manager's point of view and the back of house administrative aspect is fantastic. Ross Gill, IU Consult

Based on 12075 reviews our customers rate us 9.8/10. Reviews and ratings by Customersure. 09-October-2024

Transcendit are proud sponsors of CHUF, the Children's Heart Unit Fund.

Transcendit is a Microsoft Gold certified partner
VMWARE partner
Vipre partner
IPCortex partner
WithSecure partner
DELL partner
Barracuda partner
Veeam partner
N-Able partner