ALERT:  Gift Card Scam

This information was sent via email to the University of Toledo faculty and staff groups on October 26, 2018

IT Security has received recent reports of a new phishing attempt directed toward the University of Toledo community.  

Emails are sent to individuals that request the receiver to purchase gift cards.  The email received is either a spoofed email, a spoofed phone call or a spoofed text from a person in authority requesting the purchase of multiple gift cards for either personal or business reasons.

The email message may start out by saying, "Are you available at the moment?  I need you to do something for me." 

    • Be mindful of any email, phone call or text message requesting multiple gift cards, even if the request is ordinary.
    • Carefully scrutinize all requests for multiple gift card purchases.
    • Be suspicious of communications with urgent requests from executives. 
    • Review the sending email address closely. 
    • Check with the sender by phone or in person.  Or send a separate email to follow up. 
    • Do not reply to the request itself.

Cybercriminals conduct extensive research online to mimic a company’s email protocols, design and structure. They monitor social networks to target employees who have a working relationship with the senior executive attributed to the fake email.  It’s all meant to be plausible enough to persuade the employee to be responsive to the senior executive’s request.  This information is easily attainable and can be found on the university's website.

Other elements that make the crime work so well:

  • The email address is substantially similar to the purported sender’s address, with very minor, subtle differences. The email display name may appear correct, but when the cursor hovers over the email address, a different underlying address is displayed. For example, if the actual address is, the impersonator address might be (Note the misspelled domain.)  Other domains could include Yahoo, Gmail, or
  • Requests occur when the executive is traveling and cannot be contacted.  
  • There is an element of urgency or secrecy regarding the disbursement.  
  • The amount is within the normal range of transactions so as not to arouse suspicion.  
  • Other employees are referred to or copied in the email, however, their email addresses are also modified.

Please report any fraudulent or phishing emails to  You can also visit for the latest email scams.

Last Updated: 6/27/22