The “Tinder Swindler” is an extreme example of how online scammers can mask their identity, charm their victims and bilk them of millions of dollars, but the point is made. Whether you’re looking for love this Valentine’s Day or wanting to show your loved ones how much you appreciate them, beware of online scams. Some of the latest involve gift cards, where scammers who have honed their craft and done their homework about you, ask for payment in the form of gift cards. 

The FBI warns that online romance scams have been prevalent during the pandemic as more people look for love online, and the consequences are often financially and emotionally devastating to victims. In this type of fraud, a cybercriminal presents themselves as a potential partner. These expert scammers gain your trust and once you’re hooked, suggest you show your love with a gift card. Not flowers, chocolates or some other token that you send to a legitimate, physical address. The Cybersecurity and Infrastructure Security Agency (CISA) advises, “if you don’t know who you are doting on when you are dating, be cautious with your cash and keep it.”

For those of you wanting to show your loved ones just how much you appreciate them – whether you’ve spent almost every hour together over the past two years or haven’t seen them nearly enough – you’re not safe either. Many of your daily activities have transitioned to the internet and it’s likely you’ll be shopping for that perfect gift online. Should you get an email, text or call that there’s a problem with your order, and solving it requires payment of a support fee in the form of a gift card, beware.

There are no legitimate reasons to give someone else a gift card as part of any legitimate transaction, especially someone you don’t really know. Unlike credit cards, gift cards are easy to acquire, have no consumer protection and are impossible to trace, so you can’t get your money back. 

Many of the scams will start with emails or robocalls, then move to where you speak with someone. The person on the phone will use social engineering to try to convince you to buy the gift cards, then read them the numbers over the phone.

In a more sophisticated twist on the gift card scam, a cybercriminal will tell their victim that they’re going to send them money, perhaps to reimburse them for a problem with an order. They convince the victim to give them access to their computer by asking them to install a remote connection with an application like TeamViewer or LogMeIn. Then they’ll ask the victim to log into their bank account to check that the transfer went through. But while the victim is on their banking site, the scammer will modify the webpage code to show a transfer of money that’s bigger than the one promised. Then the scammer will ask for a refund of the difference in the form of gift cards. But in reality, that transferred money doesn’t exist.

We all know that threat actors are getting more and more crafty, and that their pool of victims continues to expand with our level of online activity and lax security practices. Take advantage of the various, publicly available sources of threat intelligence from government agencies and reliable security publications to educate yourself on what to watch for and what to do if you suspect a scam or have already fallen victim. Together, we can make this Valentine’s Day less sweet for threat actors.