A group of cybercriminals dubbed “Jingle Thief” is using phishing techniques to gain access to gift card systems, then issuing cards to resell for personal profit.
Researchers from cybersecurity company Palo Alto Networks uncovered the group’s tactics as Jingle Thief targeted the cloud infrastructure of retail and consumer services companies. Once inside, the bad actors search for the mechanisms that allow them to issue gift cards and work to cover their tracks.
Gift cards have become a growing target for cybercriminals because of their ubiquity in retail and e-commerce, both for gifting and self-use. Prepaid products can be redeemed easily and require little personal information from the purchaser, making it harder for authorities to track and identify those who exploit them.
Stopping the Drain
More regulators have been taking steps to mitigate gift card fraud. For example, Maryland recently passed a law aimed at combating gift card draining scams, which have become prevalent.
In this scam, criminal networks largely target retail cards sold in stores. Bad actors tamper with the packaging to obtain the card number and then return the compromised card to the shelf. Once an unsuspecting consumer purchases and loads funds onto the card, the criminals quickly drain the balance for their own use.
To address this issue, legislation such as Maryland’s bill requires secure packaging for gift cards, mandates that merchants register with the state, and calls for employee training to help prevent fraud.
A Tribute to Success
The threats against gift cards and prepaid providers are, in many ways, a tribute to their success. Consumers increasingly prefer cash and cash equivalents as gifts, but buyers are often reluctant to give cash because it is less secure and impersonal. That’s why gift cards have become one of the most popular gifts year-round—and especially during the holidays.
Unfortunately, the boom in gift card sales and usage around the holidays also creates vulnerabilities criminals can exploit. In fact, the Jingle Thief group earned their moniker because they are particularly active around the holidays.
