Massive Gift Card Fraud Bot Discovered, 1,000 Customer Websites Attacked Already

March 24, 2017

A new bot targeting card payment processes on websites was spotted in the wild. Called GiftGhostBot, the bot is trying to defraud consumers of the money loaded on gift cards from a wide range of retailers around the globe, with attacks being noticed on almost 1,000 customer websites. Unfortunately, any website with gift card processing capabilities could be a target. 

The attacks were noticed by the Distil Networks Security Analyst team. It seems that starting on February 2016, 2017, bot activity on customer websites with gift card processing capabilities spiked.

The tactic involves fraudsters using malicious automation to test a rolling list of potential account numbers and requesting each balance. If they are successful in obtaining the balance, fraudsters can resell the account number on the dark web or use it to purchase goods.

GiftGhostBots are reportedly being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript to avoid detection. It seems the capabilities of the actors behind the bots are quite extensive and the criminals can test as many as 1.7 million gift card account numbers per hour.
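A defender-side sketch of how the balance-check pattern described above can be spotted in request logs, added here as an example and not taken from Distil Networks or the original article. Because the traffic is spread across many hosts, it aggregates site-wide per time window instead of counting per IP; the event tuple layout, thresholds, and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

def summarize_windows(events, window_s=60):
    """Group balance-check events into fixed time windows with site-wide stats."""
    buckets = defaultdict(list)
    for ts, ip, card, found in events:
        buckets[ts // window_s * window_s].append((ip, card, found))
    stats = {}
    for start, rows in sorted(buckets.items()):
        per_ip = defaultdict(int)
        for ip, _, _ in rows:
            per_ip[ip] += 1
        stats[start] = {
            "requests": len(rows),
            "distinct_cards": len({c for _, c, _ in rows}),
            "distinct_ips": len(per_ip),
            "max_per_ip": max(per_ip.values()),  # what a per-IP rate limit would see
            "hit_ratio": sum(f for _, _, f in rows) / len(rows),
        }
    return stats

def flag_enumeration(stats, min_requests=100, min_card_ratio=0.9, max_hit_ratio=0.05):
    """Flag windows with many lookups, nearly all for different card numbers,
    and almost none resolving to a real balance. Thresholds are assumed values."""
    return [start for start, s in stats.items()
            if s["requests"] >= min_requests
            and s["distinct_cards"] / s["requests"] >= min_card_ratio
            and s["hit_ratio"] <= max_hit_ratio]

def build_sample_events():
    """Constructed sample data: (unix_ts, client_ip, card_number, balance_found)."""
    events = []
    # Window 0: five customers each checking their own valid card twice.
    for i in range(5):
        for j in range(2):
            events.append((10 * i + j, f"198.51.100.{i}", f"6000{i:012d}", True))
    # Window 60: 200 lookups over 100 addresses, 2 each, all different numbers, one hit.
    for n in range(200):
        events.append((60 + n % 60, f"203.0.113.{n % 100}", f"7000{n:012d}", n == 137))
    return events

if __name__ == "__main__":
    stats = summarize_windows(build_sample_events())
    for start in flag_enumeration(stats):
        print(start, stats[start])
```

In the constructed data no single address sends more than two requests in the flagged window, so a per-IP threshold alone would not fire; the signal is the site-wide ratio of distinct card numbers to valid balances.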
