Click bait: Beware of gift card scam phishing emails
May 19, 2024NSW Health has received numerous reports of staff receiving phishing emails involving a gift card scam, also referred to as the CEO or boss scam. Please look out for this threat in both your work and personal emails.
You can report any suspicious emails received to your NSW Health email address by clicking on the Report Message button in the Outlook menu.
How does the gift card scam work?
The scam occurs when an employee receives an email that appears to be from a colleague, usually their manager or executive, asking them to purchase gift cards to be used to reward team members. The scammer may have researched the organisation hierarchy to understand who to impersonate and who to target.
The scam often starts with an initial email that asks the employee if they can help with a favour. If the employee responds, the scammer then asks them to purchase gift cards, such as Amazon, Google or Apple gift cards using their own money, with a promise to reimburse them.
Once the gift cards are purchased, the employee will then be instructed to provide the codes on the back of the gift cards, enabling the scammer to redeem the gift cards.
This scam has been very effective in Australia, resulting in a total of $132 million in losses in 2019. Within NSW Health, we have received many reports of this scam targeting employees at both their work and personal email addresses.
NSW Health will never ask employees to purchase gift cards or other redeemable awards as this would be in breach of the NSW Health Code of Conduct which states that staff cannot accept gifts or benefits.
Report phishing emails or other suspicious activity
Report any suspicious emails received to your NSW Health email address by clicking on the Report Message button in the Outlook menu.
Suspicious account activity should also be reported to the State Wide Service Desk through SARA or by calling 1300 28 55 33.