A California wildfire scam is underway that asks for donations to help those impacted by the recent wildfires. The emails seem to come from the CEO of a company and are aimed at its staff members in the accounts and finance sections.
It should come as no shock that hackers are taking advantage of yet another natural disaster and are trying to con people into giving donations. Scammers often move swiftly following natural disasters to play on people's emotions and defraud businesses. Similar scams were carried out in the wake of the recent hurricanes that hit the United States and caused widespread harm.
The California wildfire scam, discovered by Agari, is a business email compromise (BEC) attack. The emails seem to have been sent by the CEO of a company, with his/her email address used to transmit messages to company staff. This is often accomplished by spoofing the email address, although in some instances the CEO’s email account has been compromised and is used to broadcast the messages.
The California wildfire scam includes one major red flag. Rather than ask for a monetary donation, the scammers request money in the form of Google Play gift cards. The messages ask for the redemption codes to be sent back to the CEO by reply.
The emails are sent to staff members in the accounts and finance departments and ask that the money be donated in 4 x $500 denomination gift cards. The messages say that if these are returned to the CEO, he/she will then forward them on to company clients that have been impacted by the California wildfires.
The reason Google Play gift cards are asked for is that they can easily be exchanged on darknet forums for other currencies. The gift cards are almost impossible to trace back to the hacker.
The messages include lots of grammatical errors and incorrect spellings, which is another indication that the messages are not authentic. Even so, scams like this are sent because they are successful. Many people have been tricked by similar scams previously.
Safeguarding against scams like this requires a combination of technical controls, end user training and company policies. An advanced spam filtering solution should be put in place – SpamTitan for instance – to stop messages such as these from arriving in inboxes. SpamTitan checks all incoming emails for spam signatures and uses complex techniques such as heuristics, machine learning and Bayesian analysis to spot advanced and never-before-seen phishing campaigns.
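The red flags described above can be checked mechanically on incoming mail. The following is an added example, not SpamTitan's logic and not code from the article; the executive directory, addresses, regex patterns, flag names and the Reply-To comparison are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory: executive display name -> real address (assumed values).
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
GIFT_CARD = re.compile(r"\b(gift\s*cards?|google\s*play|redemption\s*codes?)\b", re.I)
CODES_BY_REPLY = re.compile(r"\b(send|reply|email)\b.{0,60}\bcodes?\b", re.I | re.S)

def bec_indicators(raw):
    """Return the red flags found in one raw, single-part plain-text message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    real = EXECUTIVES.get(name.strip().lower())
    flags = []
    if real and addr.lower() != real:
        flags.append("exec-name-wrong-address")   # display name spoofed
    if real and reply_to and reply_to.lower() != real:
        flags.append("reply-to-diverted")         # replies leave the company
    if GIFT_CARD.search(body):
        flags.append("gift-card-request")
    if CODES_BY_REPLY.search(body):
        flags.append("codes-by-reply")
    return flags

# Constructed sample messages (not taken from the campaign).
BODY = ("I need 4 x $500 Google Play gift cards for clients hit by the wildfires.\n"
        "Reply with the redemption codes as soon as you have them.\n")
SPOOFED_NAME = "From: Jane Doe <ceo.office@mail.example.net>\nTo: accounts@example.com\n\n" + BODY
SPOOFED_ADDR = ("From: Jane Doe <jane.doe@example.com>\n"
                "Reply-To: jane.doe@mail.example.net\nTo: accounts@example.com\n\n" + BODY)
COMPROMISED = "From: Jane Doe <jane.doe@example.com>\nTo: accounts@example.com\n\n" + BODY
ROUTINE = ("From: Jane Doe <jane.doe@example.com>\nTo: accounts@example.com\n\n"
           "Please send me the Q3 invoice summary by Friday.\n")

if __name__ == "__main__":
    for label, raw in [("spoofed name", SPOOFED_NAME), ("spoofed address", SPOOFED_ADDR),
                       ("compromised account", COMPROMISED), ("routine", ROUTINE)]:
        print(f"{label}: {bec_indicators(raw)}")
```

A message sent from a genuinely compromised CEO mailbox passes both header checks, so only the content flags fire; that case is why confirmation by phone or in person still matters.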
End user training is vital for all staff, especially those with access to corporate bank accounts. Those workers are usually targeted by scammers. Policies should be put in place that require all requests for changes to bank accounts, unusual payment requests, and wire transfers above a certain threshold to be confirmed by phone or in person before they are given approval.
A combination of these tactics will help to secure businesses from BEC attacks and other email scams.