On July 4th, many Americans barbeque, watch baseball and go to fireworks shows. In 2020, U.S. consumers added a new ritual to that list – get targeted by bad actors seeking to scam them out of their online gift card balances. For the first time ever, we tracked a significant “credential stuffing” attack leading up to and over July 4th. Cybercriminals obtained validated password and username combos from the Dark Web. The fraudsters used them for attacks across a broad range of online sites such as home goods and clothing. The authentication of an account with a valid password and username pair gave the cybercriminals unauthorized access to online gift card accounts. We believe the cybercriminals were counting on the tendency of people to reuse the same username or email and password across multiple sites, a well known cyber security flaw. They were betting that some of those accounts held significant card values. As you can see from the chart below, the patriotic holiday attracted a nasty spike of egift card bot attackers.
Figure: July 4th e-gift card bot attack (in red).
What’s more, the July 4th cybercrime spree was not even an outlier. At PerimeterX we are seeing spikes in these types of carding attack and gift card scams on every significant holiday, including Memorial Day, Mother’s Day, Father’s Day, Thanksgiving and Valentine’s Day.
Figure: Memorial Day e-gift card bot attacks (in red).
In our analysis, every major holiday is now a gift card hacking day for scammers looking to make money through gift card hacks on shoppers. This is logical – the hackers are going where the money is and the money has flooded into online gift cards. Many retailers are reporting monthly sales and traffic on their digital properties that rivals the peaks a retailer’s website (Read more…)
*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2020/gift-card-hacking-now-a-part-of-every-holiday/