90%
Executive requesting gift card purchase
executive_gift_card
Case Study — Multi-University, Ongoing
"Can you grab
gift cards?"
The single most common scam targeting university staff. Scammers impersonate deans, provosts, and department chairs to trick staff into buying gift cards for a faculty event that does not exist. $1K-$5K per incident, relentless since 2023.
Documented at Michigan, UC Berkeley, UCLA, Stanford, NC State, Chapman, and 50+ more. Low dollar per incident, but it never stops. The suss. API catches it at the subject line.
What happened
The attack.
01
Dean impersonation email
Scammers impersonate deans, provosts, and department chairs via email. They request staff purchase gift cards for faculty appreciation, student prizes, or a confidential event. The emails use the real executive's name and title.
02
$1K-$5K per incident, ongoing since 2023
Each incident typically costs $1,000 to $5,000. Staff buy Apple, Amazon, or Google Play gift cards, scratch the codes, and send photos to the scammer. Once redeemed, the funds are unrecoverable.
03
50+ universities documented, still active
This is the single most common scam targeting university staff. Michigan, UC Berkeley, UCLA, Stanford, NC State, and Chapman have all published warnings. The campaigns are ongoing and show no sign of slowing.
Detection
What suss.
would have seen.
We ran a reconstructed version of this attack through the production API. Here's what fired.
suss. verdict
70%
HIGH RISK
Executive Gift Card Scam Detected
4 threat indicators fired
85%
Gift card used as payment method
gift_card_payment
75%
Authority figure impersonation detected
authority_impersonation
70%
Isolation tactic — 'keep this between us'
isolation_tactic
Recommended actions
- 01No legitimate executive will ever ask you to buy gift cards via email.
- 02Call the person directly to verify. Use a known number, not one from the email.
- 03Report this email to your IT security team immediately.
- 04Do not scratch the cards or send photos of the codes.
- 05If you already sent gift card codes, contact IT immediately. Cards may be recoverable if not yet redeemed.
Impact
The cost.
$1K–$5K
Per incident
50+
Universities documented
Ongoing
Since 2023, still active
Pattern
Why this scam never stops working.
01
Deference to authority
When a dean or provost asks for something, staff respond quickly. Academic hierarchy makes people less likely to question unusual requests from leadership.
02
Public leadership directories
University websites list every dean, chair, and administrator with full name, title, and department. Scammers need only copy-paste.
03
Plausible cover stories
Faculty appreciation lunch. Student award prizes. Visiting speaker gift. Universities regularly buy gift cards for events. The request seems normal.
04
Isolation tactics work
"Keep this between us — it's a surprise for the department" creates secrecy that prevents the victim from verifying with colleagues.
With vs without
Two timelines.
Two outcomes.
Without suss.
- 01"Dean Smith" emails asking for gift cards.
- 02Staff member goes to Target on lunch break.
- 03Buys $2,000 in Apple gift cards.
- 04Scratches the codes and sends photos.
- 05Codes redeemed within minutes.
- 06Real Dean Smith has no idea it happened.
With suss.
- 01Email scanner flags the gift card request instantly.
- 02Warning badge: Executive Gift Card Scam Detected.
- 03Staff sees 70% HIGH RISK before reading further.
- 04Calls Dean Smith directly. Confirms it is fake.
- 05Reports to IT. Campaign blocked campus-wide.
- 06$2,000 saved. Scammer gets nothing.
Get protected
Don't be the
next case study.
Book a 15-minute pilot conversation. We'll show you the threats targeting your institution right now and walk through deployment.
Free 30-day pilot for qualified institutions. No IT integration required.