Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already

Bot

Bot

AI-powered Bot
Thread author
Apr 21, 2016
4,370
A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.

The attacks were noticed by the Distil Networks Security Analyst team. It seems that starting on February 2016, 2017, bot activity on customer websites with gift card processing capabilities spiked.

The tactic involves fraudsters using malicious automation to test a rolling list of potential account numbers and requesting each balance. If they are successful in obtaining the balance, fraudsters can resell the account number on the dark web or use it to purchase goods.

GiftGhostBots are reportedly being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript to avoid detection. It seems the capabilities of the actors behind the bots are quite extensive and the criminals can test as many as 1.7 million gift card account numbers per hour.

Read more: Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already
 
  • Like
Reactions: _eR_, frogboy and shukla44
L

larry goes to church

Level 3
Verified
Mar 10, 2017
103
I'm surprised we are seeing more of these attacks already.
This seems like the type of attack that has most likely been going on for awhile and they just don't know.

The good 'ol "its not if you've been hacked, its when you'll be hacked" applies here when i think about this scenario.
These systems need to be developed with security in mind not just usability especially when money is involved.

Since its not CC transactions though I can understand why there is no standards for this.
 
  • Like
Reactions: Ana_Filiz, frogboy and shukla44
Danielx64

Danielx64

Level 10
Verified
Well-known
Mar 24, 2017
481
Maybe it just me but I am starting to see cards that has like a 4 digit pin that needs to be used. Also in the case of some prepaid credit cards you have one id for checking the balance while the other id is used at the checkout when you go to use it.
 
  • Like
Reactions: frogboy
Amelith Nargothrond

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
It's not the first massive gift cards fraud. We recently had one on Facebook, which involved airline tickets. One of my friends got "robbed". And the things is they profit from people's naivety. Best practice: if it's to good to be true, "shift+delete".
 
  • Like
Reactions: _eR_
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
    • Applause
FBI advises adblocker to protect against technical and customer support fraud
Replies
0
Views
1,005
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
upnorth
    • Like
    • Wow
    • +Reputation
Cybercrime Gift Card Gang Extracts Cash From 100k Inboxes Daily
Replies
0
Views
1,254
Malware Analysis
upnorth
upnorth
[correlate]
    • Like
    • +Reputation
Report: Facebook Credit Card Scam Exposed Via Huge Data Leak
Replies
0
Views
1,299
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top