Distil Networks, the company that identified the attack, has tracked activity on nearly 1,000 customer websites. Hackers are using a bot, dubbed GiftGhostBot, to test a list of potential gift card account numbers at a rate of 1.7 million gift card numbers per hour, according to CSO Online.
Once the bot correctly identifies gift card numbers, fraudsters are draining balances for resale on the dark web. On one retail customer site, there have been peaks of over 4 million requests per hour, nearly 10 times their normal level of traffic.
“GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment,” said Rami Essaid, CEO of Distil Networks.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now