INFRA
INFRA
INFRA
GiftGhostBot targets e-commerce sites to steal gift card balances
A new bot is checking the balance of electronic gift cards in order to defraud legitimate card owners, cybersecurity firm Distil Networks Inc. has discovered.
Dubbed GiftGhostBot, the advanced persistent bot launches brute-force attacks against online retailers that accept gift cards. The bot queries randomly generated gift card numbers against the targeted e-commerce sites to see if the card number is valid and how much the card holds.
Each positive response is logged, allowing the criminals behind the bot either to resell the confirmed gift card numbers on the dark web or to use them to purchase goods. “For a cyber thief, the beauty of stealing money from gift cards is that it is typically anonymous and untraceable once stolen,” Distil said in a blog post.
The GiftGhostBot is said to be distributed across worldwide hosting providers, mobile internet service providers and data centers, avoiding detection by using JavaScript software code to pretend that it is a normal browser query.
Distil said that it has detected the bot attack on its network affecting nearly 1,000 customer websites around the world and is recommending consumers check their gift card balances in case of fraud.
The attack also has real-world consequences for all gift card users on any site. Many companies are now telling customers to call to check their balances. The problem is that either companies have taken the function offline to prevent these bot attacks, or the volume of the attacks, which constitutes a distributed denial of service attack, has made the gift card checking features unaccessible.
“Any consumer who has a gift card from any retailer could find the card no longer contains funds and are the victim of fraud,” Distil concluded. “Consumers may suffer from a loss of faith in gift cards and make an irate call to the company that issued the gift card if they see their account balance disappear. Assuming the gift card is not FDIC protected or registered, if the issuing company doesn’t replenish the amount, the consumer relationship is damaged.”
Image: Isobot/ Wikimedia Commons
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
