The Gift Card Grift


Hello all, Detective Cy here!

Did you know that there has been a significant increase in cyber-attacks since the beginning of the COVID-19 pandemic? In fact, there have been so many attacks on municipalities within the past year alone that it is now considered a primary concern for most local governments. These attacks can come in a variety of deceptive forms, including one sent by a “sheriff” to police officers.

Unbeknownst to the police force of a small township, a rookie officer received an email indicating that they had been selected as employee of the month from someone claiming to be the sheriff. Not only did the award come with a certificate, but also an Amazon gift card to thank them for their service. All they needed to do to claim their prize was click a link provided in the message. Little did the officer know, however, that the link would also cause the municipality’s entire network to be taken over.

To help protect the people of the municipality, local detectives began to investigate events leading up to the attack. They made a breakthrough when they discovered the officer who claimed to receive a gift card from the sheriff; a gift card that the sheriff stated he never sent. By reviewing the link in the email, they discovered that the officer had unintentionally downloaded a malware program. It instantly encrypted all of the district’s files, which made it impossible to logon unless you had the key.

The hacker who had impersonated the sheriff and sent out the email demanded a ransom of $500,000 to unlock their system. The municipality refused to pay, since they knew that there was no guarantee that the hacker would send them the key. The only remaining option was to invest in recovering the system through backup files. While this method was successful, it was still extremely expensive and put a great deal of stress on the community.

To prevent something similar from happening to you and your municipality, remember to always check the sender of every email you receive to verify that they are from a reliable source. You can also contact the sender directly via a phone call to confirm that they sent the email. If you are offered an award through an email, be sure to verify that the award is real by asking the individual providing the prize. You should also hover over any links in an email to determine if you recognize the related website.

Lessons Learned:

  • Always verify the sender of emails you receive. If necessary, you can call the sender or create a new email with the known email address to ask the user if they sent the email.
  • Always hover your cursor over links in an email to ensure the URL is legitimate and not masking an unknown site.
  • Never click links in an email unless you trust and can verify the sender.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email


Credential Copy Crisis
Detective Cy

The Credential Copy Crisis

Hello readers, Detective Cy here! Did you know that using the same password for all of your accounts drastically increases

The Vexatious Vendor
Detective Cy

The Vexatious Vendor

Greetings everyone, Detective Cy’s back again! Did you know that many attempts to steal your private information are hiding in