Gift cards loaded with prepaid money are among the most targeted virtual items this holiday season. The crooks not only use social engineering, but also deploy web crawler bots that grab information from gift cards and empty their balances.
The crooks have already looted nearly $150 million this year. Over 40,000 consumers not only suffered monetary losses, but also had to endure the embarrassment of giving gift cards with a zero balance.
Until recently, crooks tried to lure their victims by pretending to belong to a reputable online company such as Amazon, Google, Apple Inc., etc. These “agents” try to extract gift card information from their victims, citing various reasons. Essentially, the crooks are trying to scare people into passing on the information.
In addition to these primitive but still very effective methods, crooks are now said to have stepped up their game. Many of these unscrupulous agents have a preference for a few categories of gift cards. The most favored gift cards are from Target, followed by Google Play, Apple Inc., eBay and, finally, Walmart.
It looks like the crooks have a new Grinch Bot variant that tries to identify and steal gift card balances. Cyber security firm Kasada claims to have witnessed an exponential increase in all-in-one bots (AIOs) that automate the scanning and payment process for highly coveted items like the Xbox Series X and PS5. The Grinch Bot variant even replays stolen telemetry through an API to trick old anti-bot detection methods.
First, cyber security experts advise never to give out the gift card number. Second, scammers often pressure their potential victims to act quickly. This behavior is a big red flag. And finally, consumers should know that gift cards are never intended for actual payments (utilities, services, taxes, etc.). These are prepaid cards that exchange money for gifts or merchandise.