Microsoft warns us all to be wary of this devious gift card scam this holiday season


Retail organizations everywhere are being increasingly targeted with phishing attacks as hackers look to commit gift card fraud this holiday season, experts have warned.

A new Microsoft thread posted on X outlines what the company calls a “significant surge” in activity from a threat actor it tracks as Storm-0539. The hackers first create malicious landing pages and then try to get retailers to open them via “highly sophisticated email and SMS phishing”.

These pages allow them to mount adversary-in-the-middle (AiTM) attacks which steal people’s login credentials and session tokens. Those, in turn, allow the threat actors to bypass multi-factor authentication (MFA) and remain in the target environment for longer.

In it for the money

"With each successful compromise, Storm-0539 escalates privileges, moves laterally, and accesses cloud resources to collect specific information," Microsoft says. "Storm-0539 enumerates internal resources and identifies gift card-related services that can be used for gift card fraud."

Furthermore, the hackers use their access to the endpoints to harvest emails, contact lists, and network configurations, which they could use in future attacks against the same organizations, Microsoft added, hinting at the possibility of ransomware infections further down the line. 

To protect against these attacks, the company recommends "building credential hygiene, using security defaults, and securing identities to defend against this threat."

An earlier Microsoft 365 Defender report described Storm-0539 as a financially motivated group active since at least 2021, The Hacker News notes.

"Storm-0539 carries out extensive reconnaissance of targeted organizations in order to craft convincing phishing lures and steal user credentials and tokens for initial access," Microsoft said in its report. "The actor is well-versed in cloud providers and leverages resources from the target organization's cloud services for post-compromise activities."

Stealing gift cards is one of the more popular cybercriminal activities as they’re difficult to trace. Many hackers who steal cryptocurrency decide to spend it on gift cards for the very same reason.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.