Retailers have been talking a lot of about bots in the last year or so, but usually the good kind — the chatbots they are employing in the name of improving customer engagement. The GiftGhostBot is not a good bot, and certainly not one you would want to start a chat with. Bad bots like GiftGhostBot are Distil's business, as it recently put out its 2017 Bad Bot Report, surveying the state of the growing trend toward bot-driven security attacks and finding that about 20% of all internet traffic last year was made up of bad bots attacking websites.
The rise of e-commerce fraud is one of the biggest stories of the last year or so in the retail sector, and it's going to be an even bigger one by the end of this year. We have been learning in recent months that e-commerce fraud is on the rise, and the gift card-focused threat is just one of many threats and different types of attacks we have seen.
The GiftGhostBot attacks are a bit different than most attacks we hear about in that these bots are specifically trying to access gift card balances, and not threatening any private customer data that retailers have locked away on their sites. Still, as Distil noted, any website could become a victim, and nearly 1,000 have been attacked already. Retailers shouldn't less urgent to attend to this threat than they would be for other potential attacks.