A California wildfire scam is underway that asks for financial donations to help the victims of the recent wildfires. The emails look like they are being sent from the CEO of a company and are directed at its employees in the accounts and finance department.

It should come as no shock that hackers are taking advantage of yet another natural disaster and are trying to con people into giving donations. Hackers often take advantage of natural disasters to pull on the heart strings and defraud companies. Similar scams were carried out following the recent hurricanes that hit the United States and caused widespread damage.

The California wildfire scam, discovered by Agari, is a form of business email compromise (BEC) attack. The emails look like they have been sent by the CEO of a company, with his/her email address used to send messages to company staff. This is often achieved by spoofing the email address although in some instances the CEO’s email account has been compromised and is used to share the messages.

The California wildfire scam have one major red flag. Instead of seeking for a monetary donation, the scammers ask for Google play gift cards. The messages seek the redemption codes be sent back to the CEO by return.

The emails are sent to staff in the accounts and finance sections and the emails request that the money be sent in 4 x $500 denomination gift cards. If these are returned to the CEO, he/she will then forward them on to company clients that have been impacted by the California wildfires.

The reason Google play gift cards are sought is because they can easily be exchanged on the darknet for other currencies. The gift cards are virtually impossible to trace back to the hacker.

The messages are full of grammatical mistakes. However, scams such as this are conducted because they work. Many people have been fooled by similar scams previously.

Safeguarding against scams such as this requires technical controls, end user training and strong company policies. An advanced spam filtering solution should be implemented – SpamTitan for instance – to prevent messages such as these from landing in inboxes. SpamTitan reviews all incoming emails for spam signatures and uses advanced methods such as heuristics, machine learning, and Bayesian analysis to identify advanced and never-before-seen phishing campaigns.

End user training is vital for all staff, especially those with access to corporate bank accounts. Those people are regularly targeted by hackers. Policies should be introduced that mean all requests for changes to bank accounts, atypical payment requests, and wire transfers above a certain threshold to be approved by phone or in person before they are authorized.