I am not a fan of gift cards. On the one hand if you know what the getter wants gift cards offer more value, though the strengths fade in utilitarian economics beyond that case, where cash offers greater value due to less risk
While the FTC has a whole section on what gift card scams look like, the screenshot comparison below showcases one not not listed. What you see is in the first search result is an AdSense campaign result at the top of the page on my actual mobile device. That results looks legit at first glance; it has all the bells and whistles and one might assume that a first-slot search result—a paid advertisement no less—would be vetted for fraud by Google. Alas, this is not the case.
The aforementioned phishing site is sneaky. If I was betting man one likely AdSense check fail is on the ad title itself. I didn’t debug this—I wasn’t expecting to run into this on a Sunday—the “T” character in the word “Target” in that ad looks like a Tau to my eye (U+03A4). In the moment I didn’t register the difference. Landing on the phishing site, it’s nearly a one-to-one mirror of Target’s actual gift card balance site. The site domain, which is clearly not Target.com throws no safe browsing error screen likely because the domain churns quickly to evade detection.
Situations like this can easily and effectively lead to being phished if you’re in a rush. I know from experience: I was in a rush and I only noticed this when Monica asked me to check the card because she couldn’t remember her Target.com login. Turns out Target.com makes you login to check a gift card balance; the phishing site does not. I got lucky and dodged it, but I suspect that in any other moment of a chaotic Sunday I may not have otherwise.
Target has often been a target of gift card balance phishing; they have a whole own gift card scam support site and the FTC notes $35 million lost to scams for Target gift cards in the first nine months this of 2021. Target gift cards are socially considered one of the more appropriate gifts over other gift cards
After reporting the advertisement—I presume others did as well, I have no idea if my report ever made it to the right people—AdSense has since removed the result. That said, don’t think scammers aren’t organically slipping into the search results. The second organic search result is indeed another less refined phishing site that does not trigger any warning at all.
Which is to say, be diligent. Check those URLs and make sure you really are where you need to be before inputting sensitive information into a web site or app. And for that niece or nephew, they’ll happily take cash. 😉 Happy Safe Holidays!