Over 60% of fraudsters request gift cards in business emails scams; eBay, Google Play cards most popular

s300_screen_padlock_computer

According to data presented by the Atlas VPN team, gift cards were the preferred payment method for 64% of fraudsters who used attacks to compromise business emails in the second half of 2020.

eBay gift cards were the most popular, with nearly a quarter (24%) of cybercriminals requesting eBay gift vouchers as a form of payment.

Google Play gift cards ranked second on the list. They were the gift card of choice of 15.5% of hackers involved in BEC attacks in the second half of last year.

Google Play is followed by its competitor iTunes. Apple’s iTune gift cards were sought after by close to 12% of cybercriminals in H2 2020.

On average, hackers demanded about $1,270 worth of gift cards per BEC attack. However, 22% of cybercriminals preferred wire transfers over gift cards as a payment method in BEC attacks. In the meantime, 10% of hackers preferred payroll diversion.

Ruth Cizynski, the cybersecurity researcher and author at Atlas VPN, shares her thoughts on why gift cards are so popular with BEC attackers:

“Gift cards make for a perfect payment method to scammers and hackers. Unlike, for example, wire transfers, payments in gift cards can not be easily tracked back to criminals.”

Gmail is the most popular domain among BEC scammers

Frequently, scammers choose free email domains to carry out their attacks. It appears that the most popular webmail account Gmail was also the most favored among cybercriminals for BEC attacks in the second half of 2020. Overall, 61% of BEC hackers choose Gmail to conduct attacks.

Other popular email domains for BEC attacks include Cox (6%), Naver (5%), Seznam.cz (4.5%), Earthlink (3%), Virgin Media (2%), Optimum.net (2%), Mail.ru (2%), and Roadrunner (1%).