Security Spotlight – Gift Card Scams

Are you free?

I’d like to ask you a favour

I’m in a meeting so please don’t call me, just reply to this email

Kind Regards,

Your Manager

This is an example of a gift card scam. If you respond to this initial email, then the scammer will ask you to buy some gift cards urgently, asking you to send them the codes from the cards via email. They may say this is a gift for members of the team so you must keep it secret.

The scam often begins with a seemingly innocuous question, such as “Are you free?” or “Have you got a moment?” If the recipient responds, the scammer proceeds to send additional emails. Frequently, the scammer claims to be trapped in a meeting or conference, expressing an inability to make a phone call.

The scammer then uses the code on the card and the money is lost.

The reason this type of attack is so successful is its sheer simplicity. Anyone can set up a Gmail or Hotmail account and set the display name to match that of a member of University staff.

So what can I do to protect myself from a gift card scam?

Exercise caution when faced with unusual requests, especially those involving monetary transactions. Fraudsters often attempt to create a sense of urgency to prompt action.

  1. Only use your official University of Surrey account to communicate with colleagues and students. If you have a colleague who is using another account such as Gmail, then encourage them to use their Surrey account.
  2. If a colleague asks you to purchase something via email, always confirm this using another method such as face-to-face or via phone.
  3. If you are unsure, you can report any suspicious emails using the Report Phish button in your Outlook window. The Cyber Security team evaluates every email and we will let you know if we believe an email to be genuine.

What should I do if I have purchased gift cards?

It may be worth contacting the gift card issuer to see if they will cancel the gift card and issue a refund to you. However, there is no guarantee this will be successful, particularly if the codes have already been used by the scammer.

You can also report the scam to Action Fraud or call 0300 123 2040.

Why aren’t IT Services doing anything to block these messages?

Whilst we can block the individual email addresses from which these scam emails originate (and will, if a large volume is coming from a single address), new email addresses are always being created for scam purposes. We cannot block the emails at the domain level, as this would mean that the University would be unable to receive any emails from accounts such as Gmail, Hotmail or iCloud.

Because the messages are short and simple, and contain no malicious links or attachments, it is hard for our systems to recognise them as scam emails. Tightening the filters would run the risk of blocking large volumes of legitimate emails.
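
One signal that remains when the body has no links or attachments is the mismatch described earlier: a display name matching a member of staff on a free webmail address. The Python below is an added example, not the University's filtering; the staff names, organisation domain and webmail list are constructed assumptions, and it labels messages for review rather than blocking them.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration, not a real directory or domain.
ORG_DOMAIN = "example.ac.uk"
FREEMAIL = {"gmail.com", "hotmail.com", "icloud.com"}
STAFF = [frozenset({"alex", "morgan"}), frozenset({"priya", "shah"})]


def name_tokens(display_name):
    """Lower-case the display name and split it into letter-only tokens,
    so "Morgan, Alex" and "Prof Alex Morgan" compare equal to "Alex Morgan"."""
    return set(re.sub(r"[^a-z]+", " ", display_name.lower()).split())


def classify(raw_message):
    """Return 'internal', 'impersonation-suspect' or 'external'.

    Only the From header is inspected. An org-domain From can itself be
    forged, so this assumes sender authentication is enforced upstream.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain == ORG_DOMAIN:
        return "internal"
    tokens = name_tokens(display)
    looks_like_staff = any(staff <= tokens for staff in STAFF)
    if looks_like_staff and domain in FREEMAIL:
        return "impersonation-suspect"   # tag for review, do not block
    return "external"


# Constructed sample messages.
SAMPLES = [
    'From: "Alex Morgan" <office.am77@gmail.com>\nSubject: Are you free?\n\nhi',
    'From: Alex Morgan <a.morgan@example.ac.uk>\nSubject: Agenda\n\nhi',
    'From: "Sam Lee" <sam.lee@gmail.com>\nSubject: Hello\n\nhi',
    'From: "Morgan, Alex" <am1234@hotmail.com>\nSubject: Favour\n\nhi',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw), "|", raw.splitlines()[0])
```

A legitimate colleague writing from a personal account gets the same label, which is why the result is a prompt to verify by another channel and not a block.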

What should I do if I receive such a message?

Report the email to Cyber Security using the Report Phish button. This will also move the scam email to your Junk mailbox.

Your reporting, along with reports from other members of the University, helps us to track scam campaigns, informs our ongoing response and investigations, and contributes to keeping the University secure.