Fake Boss Gift Card Request Scam

The fake boss gift card scam, also called the CEO gift card scam or executive impersonation gift card fraud, exploits workplace authority dynamics. Fraudsters create a spoofed email address or use a similar-looking domain, or simply send a text message claiming to be from a senior leader.

Gift cards are the payment method of choice because they are available everywhere, can be purchased anonymously, and their codes can be redeemed immediately once shared. Unlike bank transfers, there is no cooling-off period and virtually no chance of recovery once the codes are used.

The scam targets employees across organisations of all sizes. Those in finance, administration, and executive-assistant roles are especially common targets because they are accustomed to acting on behalf of leadership.

The scammer identifies a target employee using LinkedIn or a company website and finds the name of a senior person in the organisation. They then send a short, authoritative message from a spoofed or near-identical email address — for example, swapping a letter or adding a domain like '.co' instead of '.com.'

The initial message is deliberately brief: 'Are you available to help me with something urgent?' Once the employee responds, the follow-up explains the gift card request. The scammer keeps the employee engaged by reiterating urgency, claiming they are in a meeting and cannot call, and asking for updates as the purchase progresses.

The employee buys the cards with their own funds — often several hundred to several thousand dollars worth — scratches off the PIN, and sends photos of the codes. The scammer redeems the codes within minutes, making recovery impossible.

Employees are conditioned to respond quickly to requests from management, especially when framed as something the executive cannot handle themselves. The implicit message is that agreeing to help is a sign of trustworthiness and initiative.

The claim that the sender is unavailable to speak — in a meeting, on a call, travelling — prevents the most obvious verification step: picking up the phone. The combination of authority, urgency, and unavailability is highly effective at bypassing normal caution.

An employee receives a text or email that appears to be from their direct manager or a senior executive. The message says the sender is in a meeting and cannot talk, but needs the employee to urgently buy several gift cards — usually for a business purpose such as client rewards or a staff event. The employee is asked to buy the cards at a local retailer, scratch off the PIN panels, and text or email the codes back immediately. The 'executive' promises to reimburse them. Once the codes are sent, the scammer redeems them and the employee is left out of pocket, having paid with their own money.

'Are you free right now? I need your help with something urgent — I am in a meeting and cannot call.'

'I need you to buy [amount] worth of [brand] gift cards from a nearby store. It is for a client surprise. I will reimburse you today — just send me the codes as soon as you have them.'

'Please do not mention this to anyone yet — I want it to be a surprise for the team. Just grab the cards and send me the numbers on the back.'

Verify any unusual financial request from a manager by calling them on their known work number — not by replying to the message you received. If you cannot reach them, contact another colleague who would be aware of their schedule.

Check the sender's email address character by character. Legitimate internal requests will come from the organisation's official domain. A slight variation (e.g., an extra letter, a different top-level domain) is a reliable indicator of fraud.