Representative Image Photo | Express
Xplore

How to spot and guard against gift card scams

Between March and May 2024, ahead of the summer holiday season, Microsoft observed a 30% increase in intrusion activity by Storm-0539.

Express News Service

BENGALURU : Of late, gift cards have become one of the attractive targets for scammers. Be it sending a message, mail or requesting you to check the balance on gift cards, scammers go after them all. 

McAfee says some scammers go to greater lengths by setting up phony online stores that only accept payment with gift cards. It says there are many gift card balance-checking sites that are actually phishing sites. 

In its recent report, Microsoft warns against gift card frauds that are performed by Moroccan cybercriminals. In the report titled ‘Cyber Signals: Inside the growing risk of gift card fraud’, Microsoft reveals significant findings on the activities of Storm-0539, a cybercriminal group exploiting cloud and identity services to compromise gift card issuers. 

Between March and May 2024, ahead of the summer holiday season, Microsoft observed a 30% increase in intrusion activity by Storm-0539. Between September and December 2023, it observed a 60% increase in attack activity, coinciding with fall and winter holiday. 

The attack chain includes:

  • Using employee directories and schedules, contact lists, and email inboxes, Storm-0539 targets employees' personal and work mobile phones with smishing texts.

  • Once an employee account at a targeted organisation is infiltrated, the attackers move laterally through the network, trying to identify the gift card business process, pivoting toward compromised accounts linked to this specific portfolio.

  • They also gather information on virtual machines, VPN connections, SharePoint and OneDrive resources, as well as Salesforce, Citrix, and other remote environments.

  • After gaining access, the group creates new gift cards using compromised employee accounts.

  • They then redeem the value associated with those cards, sell the gift cards to other threat actors on black markets, or use money mules to cash out the gift cards.

Microsoft says that historically, payment and gift card fraud is associated with sophisticated malware and phishing campaigns. However, this group leverages their deep knowledge of the cloud to conduct reconnaissance on an organisation's gift card issuance processes, gift card portals, and employees with access to gift cards. 

How to avoid scams 

  • Keep an eye on unsolicited emails, texts, that claim providing something that is too good to be true.

  • Be careful while posting your email id or phone number on social media.

  • Also, if somebody is asking you to act immediately, it is a sign of fraudulent activity.

  • Always remember that gift cards are for gifts and not for payments.

Follow The New Indian Express channel on WhatsApp 

Download the TNIE app to stay with us and follow the latest

Add TNIE As A Trusted Source

Also Read

Indian student found dead in California, six days after going missing

The She vote in Bangladesh and how it has placed the victorious BNP on notice

Five youths killed as speeding car hits divider, collides with KSRTC bus in Bengaluru

No-confidence move against Speaker Om Birla revives debate on seven-year vacancy of Dy Speaker’s post

Trust will define Dhaka’s new era

SCROLL FOR NEXT