It's the gift that keeps on giving for cybercriminals. The accounts connected to gift cards are being wiped out as quickly as a teenager with cash at a shopping mall.
Luxury retailers, supermarkets, and major coffee distributors with gift card processing capabilities are all the target of a new widespread cybersecurity attack.
Hackers are using a bot, dubbed GiftGhostBot, to test a list of potential gift card account numbers at a rate of 1.7 million gift card numbers per hour. It is believed that once they correctly identify gift card numbers, they are draining balances for resale on the dark web. On one retail customer site, there have been peaks of over 4 million requests per hour, nearly 10 times their normal level of traffic.
The company that identified the attack, Distil Networks, has tracked activity on nearly 1,000 customer websites. In several instances, over half of the traffic on the website was on the gift card page alone, indicating a very targeted attack.