Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already

Bot

AI-powered Bot
Thread author
Verified
Apr 21, 2016
3,318
A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target.

The attacks were noticed by the Distil Networks Security Analyst team. It seems that starting on February 2016, 2017, bot activity on customer websites with gift card processing capabilities spiked.

The tactic involves fraudsters using malicious automation to test a rolling list of potential account numbers and requesting each balance. If they are successful in obtaining the balance, fraudsters can resell the account number on the dark web or use it to purchase goods.

GiftGhostBots are reportedly being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript to avoid detection. It seems the capabilities of the actors behind the bots are quite extensive and the criminals can test as many as 1.7 million gift card account numbers per hour.

Read more: Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already
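A defender-side illustration of how the balance-check enumeration described in the post above can surface in logs. This is an added example, not code from the thread or from Distil Networks, and the log format, thresholds, tokenised card field and sample lines are all assumptions constructed for it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# All thresholds and the log format below are assumptions for this example.
WINDOW_MIN = 5            # tumbling window length in minutes
MAX_CARDS_PER_CLIENT = 3  # distinct cards one client may check per window
MAX_MISS_RATIO = 0.5      # site-wide share of failed lookups per window
MIN_LOOKUPS = 10          # ignore windows with too little traffic

def parse(line):
    # Format: "<UTC timestamp> <client ip> card=<token> result=<hit|miss>"
    # The card field is a keyed hash of the number, never the number itself.
    ts, ip, card, result = line.split()
    ts = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ts, ip, card.split("=", 1)[1], result.split("=", 1)[1]

def window_start(ts):
    return ts - timedelta(minutes=ts.minute % WINDOW_MIN, seconds=ts.second)

def detect(lines):
    """Return (clients over the per-client limit, windows with a high miss ratio)."""
    cards = defaultdict(set)            # (window, ip) -> distinct card tokens
    site = defaultdict(lambda: [0, 0])  # window -> [lookups, misses]
    for line in lines:
        ts, ip, card, result = parse(line)
        w = window_start(ts)
        cards[(w, ip)].add(card)
        site[w][0] += 1
        site[w][1] += result == "miss"
    clients = sorted({ip for (_, ip), c in cards.items()
                      if len(c) > MAX_CARDS_PER_CLIENT})
    # A bot spread over many addresses stays under the per-client limit,
    # but the share of lookups for non-existent cards still rises site-wide.
    windows = sorted(w for w, (n, miss) in site.items()
                     if n >= MIN_LOOKUPS and miss / n > MAX_MISS_RATIO)
    return clients, windows

def sample_log():
    """Constructed sample: a quiet window, then a distributed guessing window."""
    lines = [f"2017-03-01T10:00:{i:02d}Z 192.0.2.{i + 1} card=tok{i} result=hit"
             for i in range(10)]                      # 10 customers, valid cards
    for i in range(12):                               # 12 clients, 2 guesses each
        for j in range(2):
            lines.append(f"2017-03-01T10:05:{2 * i + j:02d}Z 203.0.113.{i + 1} "
                         f"card=g{i}x{j} result=miss")
    lines += [f"2017-03-01T10:06:{j:02d}Z 198.51.100.7 card=h{j} result=miss"
              for j in range(6)]                      # one client over the limit
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

On the constructed sample, only one address trips the per-client rule, while the site-wide miss ratio flags the whole window in which the twelve low-volume clients were guessing.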
 

larry goes to church

Level 3
Verified
Mar 10, 2017
103
I'm surprised we are seeing more of these attacks already.
This seems like the type of attack that has most likely been going on for a while and they just don't know.

The good ol' "it's not if you've been hacked, it's when you'll be hacked" applies here when I think about this scenario.
These systems need to be developed with security in mind, not just usability, especially when money is involved.

Since it's not CC transactions, though, I can understand why there are no standards for this.
 

Danielx64

Level 10
Verified
Well-known
Mar 24, 2017
481
Maybe it's just me, but I am starting to see cards that have like a 4-digit PIN that needs to be used. Also, in the case of some prepaid credit cards, you have one ID for checking the balance while the other ID is used at the checkout when you go to use it.
 

Amelith Nargothrond

Level 12
Verified
Top Poster
Well-known
Mar 22, 2017
587
It's not the first massive gift card fraud. We recently had one on Facebook, which involved airline tickets. One of my friends got "robbed". And the thing is, they profit from people's naivety. Best practice: if it's too good to be true, "shift+delete".
 