Gift cards, loaded with prepaid money, are one of the most targeted virtual items this Holiday Season. Scammers are not just using social engineering but also deploying WebCrawler bots that are scraping gift card information, and emptying balances.
Scammers have already looted close to $150 million this year. More than 40,000 consumers have not just suffered monetary losses, but have also had to endure the embarrassment of gifting cards with zero balance.
Until recently, scammers have attempted to lure their victims by claiming to belong to a reputed online company such as Amazon, Google, Apple Inc. etc. These “agents” attempt to extract the gift card information from their victims by giving multiple reasons. Essentially, scammers attempt to scare people into handing over the information.
In addition to these primitive but still highly effective methods, scammers have now reportedly stepped up their game. Many such unscrupulous agents have a preference for a few categories of gift cards. One of the most preferred gift cards is of Target, followed by Google Play, Apple Inc., eBay, and last but not least, Walmart.
It appears scammers have a new Grinch Bot variant that attempts to identify and steal gift card balances. Cybersecurity firm Kasada claims it witnessed an exponential increase in all-in-one bots (AIO) which automate the scanning and checkout process for highly coveted items like the Xbox Series X and PS5. The Grinch Bot variant even replays stolen telemetry through an API to trick legacy anti-bot detection methods.
Cybersecurity experts advise never to give away the gift card number. Secondly, scammers often pressurize their potential victims into acting quickly. This behavior is a big red flag. And finally, consumers must know that gift cards are never meant for actual payments (utilities, services, taxes, etc.). They are prepaid cards that exchange money for gifts or merchandise.