Consumers reportedly lost $148m during the first nine months of this year in scams where gift cards (opens in new tab) were used as the form of payment according to a new data spotlight (opens in new tab) from the Federal Trade Commission (FTC).
Scams demanding gift cards often begin with a phone call from someone impersonating a well-known business or government authority.
For instance, many people reported to the FTC that a scammer posing as an Amazon or Apple employee told them to send pictures of the numbers on gift cards in order to fix a security problem with their account. Others reported that a scammer claiming to be from the Social Security Administration (opens in new tab) said their bank accounts would be frozen as part of an investigation and that they should buy gift cards to avoid arrest or to secure access to their money.
At the same time, scammers prefer certain gift cards over others and in the first nine months of 2021, $35m was lost to fraud using Target (opens in new tab) gift cards followed by gift cards for Google Play ($17m), Apple ($16m), eBay ($10m) and Walmart ($6m).
In addition to telling victims which gift cards to buy, scammers also tell them where to buy them. Victims reported that a scammer sent them to several store locations to make multiple purchases and to stay on the phone with them the entire time to avoid detection and ensure they didn’t call anyone for help.
New Grinch Bot variant
The cybersecurity firm Kasada (opens in new tab) also observed an uptick in online gift card fraud attempts as well as a new Grinch Bot variant that has been making holiday shopping more difficult for consumers.
As shoppers are seeing more empty shelves at stores, many have turned to purchasing gift cards as presents this year. In fact, a survey (opens in new tab) from Blackhawk Network predicted that gift cards will make up 40 percent of total gift purchases this holiday shopping season, making them an ideal target for scammers.
Over the past two months, Kasada has observed gift card balance lookups quadruple which is a key indicator that scammers are using bots to identify and steal gift card balances. To make matters worse, stolen gift cards are typically spent before they are received as gifts, so many people may unintentionally be giving zero-balance gift cards as presents.
During this holiday shopping season, Kasada saw a heightened use of all-in-one bots (AIO) which automate the scanning and checkout process for highly coveted items like the Xbox Series X (opens in new tab) and PS5 (opens in new tab). The firm also discovered a new Grinch Bot (opens in new tab) that replays stolen telemetry through an API to allow it to bypass legacy anti-bot detection methods.
“As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses. The level of sophistication we are witnessing within the botting community is at an all-time high as they continue to collaborate and improve upon their methods to conduct online fraud and generate profits through the use of malicious automation.”