Information Services > Security > News & Updates > "Are you available?" Gift Card Scam - 09/22/21

"Are you available?" Gift Card Scam - 09/22/21

September 22, 2021 / Posted in: Phishing and Malicious Emails / Twitter / Facebook

Screenshot of malicious email:

A screenshot of a malicious email. The malicious email attempts to trick recipients into believe that they are the recipient's colleague or manager.


During the month of September, DePaul University staff and faculty were once more targeted by scammers impersonating their colleagues. This is a very common scam, and employees have been alerted to this type of scam on multiple occasions over the past few years.

The "are you available" gift card scam typically encompasses malicious actors attempting to impersonate someone at DePaul, through the use of an email address set up an external provider (e.g. gmail, hotmail, etc.), and ultimately attempting to solicit funds, from the impersonated's colleagues, in the form of gift cards or cash app.

The email address used may either spoof the DePaul email address of the person they are impersonating, or create their external account in such a way that it looks at a glance similar to the DePaul email address (see screenshot), or not even try to hide it.

The scam often begins with the simple phrase of "are you available?" or requesting that the recipient send them their phone number. Once contacted, the scammer will tell the recipient that they cannot join a phone call because they are "in a meeting", but that they need the recipient's help with a task. Usually, the story behind the task is that they need to purchase gift cards for some reason (e.g. as rewards for colleagues, their friend's nephew's birthday, etc.).

The story and types of gift cards requested often vary. The scammers are often very hands-on with the victim, instructing them exactly which stores to go to and which cards to buy. Once the victim purchases the gift cards, the scammer will request that the victim scratch off the code and send a picture to them. The scammer will repeat this process, often stating that they need more, until the victim finally catches on.

Stores will often not accept scratched-off cards for returns, and the victim will ultimately have lost money.

Alternatively, this scam may use cash transferring apps like Cash App, Zelle, etc.​

Anyone who has gotten far enough in this scam that they purchased gift cards should contact our team at security@depaul.edu.

Some indicators that these emails are malicious:
- Numerous grammatical errors
- Non-DePaul "From address". This address can be spoofed (check for the [EXT] tag and reply-to) or a similar looking external address
- Leading communications off of DePaul's platform (i.e. emailing an external account and personal cell requests for texting)
- An attempt to create a sense of urgency