A popular internet scam involves email or text requests for gift card purchases. Scammers rely on impersonation and social engineering tactics to ask victims to purchase gift cards or approve invoices for them.
In addition to numerous other businesses and organizations, employees of Vanderbilt University Medical Center are being targeted for these scams. No one from VUMC will ever be asked to purchase gift cards or approve invoices in this way.
The scammers study businesses and other organizations, and if possible like to gain access to organizational charts to learn reporting structures for supervisors and their staff. The gift card scam typically involves an email from an email account created (spoofed) to make the recipient think it is from their supervisor or another person of authority. This is an example of a spoof email address created to resemble a legitimate VUMC email account- john.smith@vumc.org@gmail.com
The scammer asks the recipient to respond, and then though a series of following emails asks the recipient to quickly purchase gift cards. Once the cards are purchased, then scammers request the numbers from the gift cards, which can be fraudulently spent online or in other ways.
If you are unsure about an email, call the Help Desk at 615-343-HELP (3-4357) or send the email to the VUMC IT Security Operations Incident Response team at phishing@vumc.org and ask them to verify it for you.
Remember:
- Never give your ePassword to anyone.
- Never click on links or open attachments in emails unless you verify that the sender is who he or she claims to be and acknowledges sending the email.
- For additional information about phishing / spoofing and how to protect yourself, please review these helpful facts and tips https://www.vumc.org/enterprisecybersecurity/cybersecurity-updates/five-ways-spot-phishing-attempt.
