Consumers reportedly lost $148m during the first nine months of this year in scams where gift cards were used as the form of payment, according to a new data spotlight from the Federal Trade Commission (FTC).
Scams demanding gift cards often begin with a phone call from someone impersonating a well-known business or government authority.
For instance, many people reported to the FTC that a scammer posing as an Amazon or Apple employee told them to send pictures of the numbers on gift cards in order to fix a security problem with their account. Others reported that a scammer claiming to be from the Social Security Administration said their bank accounts would be frozen as part of an investigation and that they should buy gift cards to avoid arrest or to secure access to their money.
At the same time, scammers prefer certain gift cards over others. In the first nine months of 2021, $35m was lost to fraud using Target gift cards, followed by gift cards for Google Play ($17m), Apple ($16m), eBay ($10m) and Walmart ($6m).
In addition to telling victims which gift cards to buy, scammers also tell them where to buy them. Victims reported that a scammer sent them to several store locations to make multiple purchases and told them to stay on the phone the entire time, to avoid detection and ensure they didn’t call anyone for help.
New Grinch Bot variant
The cybersecurity firm Kasada also observed an uptick in online gift card fraud attempts as well as a new Grinch Bot variant that has been making holiday shopping more difficult for consumers.
As shoppers are seeing more empty shelves at stores, many have turned to purchasing gift cards as presents this year. In fact, a survey from Blackhawk Network predicted that gift cards will make up 40 percent of total gift purchases this holiday shopping season, making them an ideal target for scammers.
Over the past two months, Kasada has observed gift card balance lookups quadruple, which is a key indicator that scammers are using bots to identify and steal gift card balances. To make matters worse, stolen gift cards are typically spent before they are received as gifts, so many people may unintentionally be giving zero-balance gift cards as presents.
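For retailers watching their own balance-check endpoint, the sketch below shows one way to spot the enumeration pattern behind a surge in lookups: a single client checking many distinct card numbers in a short window, with most of them failing. It is an added example, not code from Kasada or the FTC; the log fields, client names, card numbers and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_log():
    """Constructed balance-lookup records: (time, client, card number, result)."""
    t0 = datetime(2021, 12, 1, 10, 0, 0)
    rows = [  # client-a: a shopper checking one card twice
        (t0, "client-a", "6000000000000001", "valid"),
        (t0 + timedelta(minutes=3), "client-a", "6000000000000001", "valid"),
    ]
    for i in range(30):  # client-b: walks sequential numbers, mostly misses
        result = "valid" if i % 10 == 0 else "invalid"
        rows.append((t0 + timedelta(seconds=2 * i), "client-b",
                     f"60000000000010{i:02d}", result))
    for i in range(12):  # client-c: bulk buyer checking cards it really holds
        rows.append((t0 + timedelta(seconds=20 * i), "client-c",
                     f"60000000000020{i:02d}", "valid"))
    return sorted(rows)

def find_enumerators(rows, window=timedelta(minutes=5), max_cards=10,
                     max_miss_ratio=0.5):
    """Flag clients whose lookups inside one sliding window cover more than
    max_cards distinct cards AND mostly miss. Thresholds are assumptions.
    Expects rows sorted by time.
    Returns {client: (peak distinct cards, miss ratio at that peak)}."""
    recent = defaultdict(deque)   # client -> lookups still inside the window
    flagged = {}
    for ts, client, card, result in rows:
        q = recent[client]
        q.append((ts, card, result))
        while ts - q[0][0] > window:      # expire lookups older than the window
            q.popleft()
        cards = {c for _, c, _ in q}
        miss_ratio = sum(r == "invalid" for _, _, r in q) / len(q)
        if len(cards) > max_cards and miss_ratio > max_miss_ratio:
            if len(cards) > flagged.get(client, (0, 0.0))[0]:
                flagged[client] = (len(cards), round(miss_ratio, 2))
    return flagged

if __name__ == "__main__":
    for client, (cards, ratio) in find_enumerators(sample_log()).items():
        print(f"{client}: {cards} distinct cards, {ratio:.0%} misses")
```

Requiring a high miss ratio alongside the card count keeps the bulk buyer in the sample (12 cards, all valid) from being flagged with the enumerating client.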
During this holiday shopping season, Kasada saw a heightened use of all-in-one (AIO) bots, which automate the scanning and checkout process for highly coveted items like the Xbox Series X and PS5. The firm also discovered a new Grinch Bot that replays stolen telemetry through an API to allow it to bypass legacy anti-bot detection methods.
“As we approach 2022, the frequency and severity of bad bots continue to threaten online businesses. The level of sophistication we are witnessing within the botting community is at an all-time high as they continue to collaborate and improve upon their methods to conduct online fraud and generate profits through the use of malicious automation.”
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.