Content

Cybercriminals Target E-commerce Gift Card Systems in New Attack

Share

By Marcos Colon

Cyber swindlers are always adjusting their attack methods to reap monetary rewards, and the latest tactic is aimed at gift card accounts.

Experts at security firm Distil Networks have discovered what they deem is a “sophisticated bot attack” that is targeting e-commerce gift card systems to obtain account numbers and make fraudulent purchases online.

“For a cyber thief, the beauty of stealing money from gift cards is that it is typically anonymous and untraceable once stolen,” Anna Westelius, director of engineering at Distil Networks, wrote in a recent blog post. “Any website with gift card processing capabilities, including checking your gift card balance or replenishing funds, is a potential target.”

Dubbed GiftGhostBot, the bot leverages automation to work its way through a list of account numbers to request balances. If a balance is provided, the bot operator then knows that the account number is valid and contains funds.

The account number can be used to make fraudulent purchases, or can also be sold on the dark web.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.