Cyber swindlers are always adjusting their attack methods to reap monetary rewards, and the latest tactic is aimed at gift card accounts.
Experts at security firm Distil Networks have discovered what they deem is a “sophisticated bot attack” that is targeting e-commerce gift card systems to obtain account numbers and make fraudulent purchases online.
“For a cyber thief, the beauty of stealing money from gift cards is that it is typically anonymous and untraceable once stolen,” Anna Westelius, director of engineering at Distil Networks, wrote in a recent blog post. “Any website with gift card processing capabilities, including checking your gift card balance or replenishing funds, is a potential target.”
Dubbed GiftGhostBot, the bot leverages automation to work its way through a list of account numbers to request balances. If a balance is provided, the bot operator then knows that the account number is valid and contains funds.
The account number can be used to make fraudulent purchases, or can also be sold on the dark web.