Know How Cyber Thieves Steal Gift Card Balances
Security vendor Distil Networks announced on March 24 that it has discovered an automated bot it is calling Gift GhostBot that is being used to steal retail gift card balances in a global attack.
Gift cards have once again caused quite a headache for retailers, as cyber criminals are using a botnet to break into and steal cash from money-loaded gift cards provided by major retailers around the globe.
Dubbed Gift GhostBot, the new botnet specialized in gift card fraud is an “Advanced Persistent Bot” (APB), that has been spotted in the wild by cyber security firm Distil Networks.
Gift GhostBot has been seen attacking almost 1,000 websites worldwide and defrauding legitimate consumers of the money loaded on gift cards since Distil detected the attack late last month.
According to the security firm, any website from luxury retailers, supermarkets to coffee distributors that allow their customers to buy products with gift cards could be targeted by the botnet.
Operators of the Gift GhostBot botnet launch brute-force attacks against retailer’s website to check potential gift card account numbers at a rate of about 1.9 Million numbers per hour, and request the balance for each number.
Once the gift card account number and its balance is correctly matched, the fraudsters automatically get logged into that account without any authentication.
The cyber criminals then record those account numbers to either resell them on the Dark Web or use them to purchase goods.
What’s interesting? The beauty of stealing money from gift cards, according to the security firm, is that “it is typically anonymous and untraceable once stolen.”
Like any other sophisticated cyber attack, the Gift Ghost Bots botnets are also being distributed across the global hosting providers, internet service providers, and data centers, executing JavaScript mimicking a regular browser to evade detection.
“Like most sophisticated bot attacks, Gift GhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment,” said Distil Networks CEO Rami Essaid. “To prevent resources from being drained, individuals and companies must work together to prevent further damage.”
0 comments: