The Gift Card Bot is Stealing Gift Card Balances

Distil Networks, a bot-mitigation company, has reported a recent attack that targeted nearly 1,000 eCommerce sites.  Distil's business is detecting and blocking bad bots that abuse websites, and this particular attack was aimed at gift card balances.

They are calling it the GiftGhostBot.  Fraudsters run automated scripts that cycle through candidate gift card numbers against retailers' balance-check pages, at a high frequency, reportedly up to 1.7 million attempts per hour.  When a guessed number matches a real card, the page returns its balance, and the fraudster now holds a valid card number with a known value.  No login or proof of ownership is required, because balance-check pages need no authentication.  They then either spend the balance on goods or resell the card numbers on the black market.

Distil says you're at risk if your site accepts gift cards, regardless of what industry you're in.  GiftGhostBot is classified as an advanced persistent bot, which means it is sophisticated and hard to detect.  For example, the requests come from hundreds or thousands of IP addresses, and the bots imitate real browsers and execute JavaScript, so simple user-agent checks and JavaScript challenges do not single them out.

Here are a few things you can do about the gift card bot:

– As a consumer, check your balance and take a screenshot that shows the timestamp, so you have proof of the balance if it later disappears.

– Use your gift cards quickly; a balance you have already spent cannot be drained.

– Retailers can put a CAPTCHA on the balance-check page, but keep in mind that this only keeps out simple bots.  CAPTCHAs are fairly easy to defeat.

– Distil has published IPs known to be involved in the attack.  If you're a retailer, use this information, but treat it as a starting point: the bot rotates through hundreds or thousands of addresses, so a static blocklist ages quickly.  You should also consider a security solution that detects this traffic, keeps you informed in real time, and can block it before it ever reaches the balance-check page.

– Retailers can rate-limit the balance-check page, but keep in mind that a sophisticated attack sends only one or two requests from each IP, spread across hundreds of them, so a per-IP limit never trips.  Limits and anomaly detection applied to the endpoint as a whole (total lookups per minute and the share that come back "card not found") catch what per-IP limits miss.
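To make the last two points concrete, here is a small added example (written for this post, not code from Distil or from any retailer) that runs a classic per-IP rate limiter and an endpoint-wide enumeration detector over the same web server log.  The log lines are constructed for the example; the endpoint name /giftcard/balance and the use of HTTP 404 as the "no such card" response are assumptions, as is the idea that legitimate customers almost always look up a card that exists.  The low-and-slow pattern from the post (one or two requests per IP, many IPs, a burst of failed lookups) slips past the per-IP limiter but is flagged by the aggregate check.

```python
"""Per-IP rate limiting vs. endpoint-wide detection of gift card enumeration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log (combined log format), not from any real site.
# Assumptions for this example: /giftcard/balance is the balance-check endpoint
# and a 404 means "card number not found". First two IPs are ordinary customers;
# the 192.0.2.x addresses are the distributed bot, 1-2 requests each, mostly misses.
SAMPLE_LOG = """\
203.0.113.10 - - [27/Mar/2017:10:15:01 +0000] "POST /giftcard/balance HTTP/1.1" 200 512
203.0.113.10 - - [27/Mar/2017:10:15:03 +0000] "GET /cart HTTP/1.1" 200 2048
198.51.100.7 - - [27/Mar/2017:10:16:40 +0000] "POST /giftcard/balance HTTP/1.1" 200 512
192.0.2.1 - - [27/Mar/2017:10:20:00 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.2 - - [27/Mar/2017:10:20:02 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.3 - - [27/Mar/2017:10:20:04 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.3 - - [27/Mar/2017:10:20:05 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.4 - - [27/Mar/2017:10:20:07 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.5 - - [27/Mar/2017:10:20:09 +0000] "POST /giftcard/balance HTTP/1.1" 200 512
192.0.2.6 - - [27/Mar/2017:10:20:11 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.7 - - [27/Mar/2017:10:20:13 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.8 - - [27/Mar/2017:10:20:15 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.8 - - [27/Mar/2017:10:20:16 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.9 - - [27/Mar/2017:10:20:18 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
192.0.2.10 - - [27/Mar/2017:10:20:20 +0000] "POST /giftcard/balance HTTP/1.1" 404 88
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)
BALANCE_PATH = "/giftcard/balance"   # assumed endpoint name
NOT_FOUND = 404                      # assumed "no such card" status


def parse_log(text):
    """Parse combined-log lines into (ip, datetime, path, status); skip unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((m["ip"], ts, m["path"], int(m["status"])))
    return events


def balance_checks(events):
    """Keep only requests to the balance-check endpoint (query string ignored)."""
    return [e for e in events if e[2].split("?")[0] == BALANCE_PATH]


def per_ip_rate_limit(events, limit=5, window_s=60):
    """Classic sliding-window limiter: IPs with more than `limit` lookups in any window."""
    by_ip = defaultdict(list)
    for ip, ts, _, _ in balance_checks(events):
        by_ip[ip].append(ts)
    offenders, win = set(), timedelta(seconds=window_s)
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > win:      # slide the window forward
                start += 1
            if end - start + 1 > limit:
                offenders.add(ip)
                break
    return offenders


def endpoint_enumeration_alerts(events, window_s=60, min_requests=10,
                                min_failure_ratio=0.8, min_distinct_ratio=0.5):
    """Endpoint-wide view: flag fixed windows with many lookups that mostly fail
    and are spread over many distinct IPs, the signature of distributed guessing."""
    buckets = defaultdict(list)
    for ip, ts, _, status in balance_checks(events):
        buckets[int(ts.timestamp()) // window_s].append((ip, status))
    alerts = []
    for b in sorted(buckets):
        reqs = buckets[b]
        total = len(reqs)
        failures = sum(1 for _, s in reqs if s == NOT_FOUND)
        ips = {ip for ip, _ in reqs}
        if (total >= min_requests and failures / total >= min_failure_ratio
                and len(ips) / total >= min_distinct_ratio):
            alerts.append({
                "window_start": datetime.fromtimestamp(b * window_s, tz=timezone.utc).isoformat(),
                "requests": total, "failures": failures,
                "distinct_ips": len(ips), "ips": sorted(ips),
            })
    return alerts


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("per-IP limiter blocks:", per_ip_rate_limit(ev) or "nothing")
    for a in endpoint_enumeration_alerts(ev):
        print("enumeration alert:", a)
```

On the sample log the per-IP limiter blocks nothing, since no address makes more than two lookups, while the aggregate detector flags the 10:20 window: 12 lookups from 10 distinct IPs, 11 of them failures.  In production the thresholds would be tuned from the site's own baseline of how often legitimate customers mistype a card, and the alert would feed whatever blocks or challenges traffic to the page.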
