2024 Holiday Season Cyber Threats: Gift Card Fraud & Phishing Schemes on the Rise

In this post, we explain the two biggest online threats facing retailers this holiday season. For a deeper dive, Flashpoint customers can read the full analyst reports in Flashpoint Ignite.

December 10, 2024

Online sales are projected to surpass a staggering $1 trillion USD this 2024 holiday season, according to Forrester. However, while retailers enjoy the flood of eager shoppers, they will also face threat actors seeking to exploit the festive rush through a wide range of gift card fraud and phishing scams.

By understanding how these attacks unfold, retailers can take proactive steps to educate their consumers and protect them from financial loss and identity theft—ultimately fostering a safer online shopping environment for everyone. 

Here’s what you can expect for the upcoming holiday season:

Holiday Threat #1: Gift Card Fraud

Flashpoint has observed a noticeable increase in Chinese threat actors conducting and recruiting for gift card fraud campaigns targeting American shoppers, leveraging what is known as gift card draining to activate stolen or fraudulently obtained gift cards to purchase electronics and luxury items.

Gift card draining is a type of fraud where threat actors retrieve stolen gift cards from various retail vendors or obtain them through social engineering schemes. This takes place through a three-step process:

  1. Acquisition: Gift cards are stolen through various means, including data breaches, online theft, and social engineering schemes. Alternatively, they are taken from store displays, recorded, and placed back on shelves.
  2. Draining: Software is used to monitor compromised gift card numbers and swiftly drain funds once a card is loaded by an unsuspecting customer.
  3. Resale or Conversion: Stolen funds are used to purchase high-value goods which are then resold for profits, or are converted to fund illicit activities.
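
From the retailer's side, the draining step leaves a recognizable trail: a card is polled for its balance before it is activated, then redeemed shortly after it is loaded. The following is an added example, not Flashpoint's code; the event names, field layout, thresholds, and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, card id, event type, client id
EVENTS = [
    ("2024-12-01T09:00:00", "card-A", "balance_check", "client-17"),
    ("2024-12-01T09:05:00", "card-A", "balance_check", "client-17"),
    ("2024-12-01T09:10:00", "card-A", "balance_check", "client-17"),
    ("2024-12-01T09:12:00", "card-A", "activate", "store-pos-3"),
    ("2024-12-01T09:13:30", "card-A", "redeem", "client-17"),
    ("2024-12-01T10:00:00", "card-B", "activate", "store-pos-3"),
    ("2024-12-01T10:30:00", "card-B", "balance_check", "client-42"),
    ("2024-12-03T18:00:00", "card-B", "redeem", "client-42"),
]

def find_drain_suspects(events, min_pre_checks=3, window=timedelta(minutes=10)):
    """Return {card: [reasons]} for cards whose history matches draining."""
    by_card = defaultdict(list)
    for ts, card, kind, client in events:
        by_card[card].append((datetime.fromisoformat(ts), kind, client))
    suspects = {}
    for card, rows in by_card.items():
        rows.sort()  # chronological order
        activated = next((t for t, k, _ in rows if k == "activate"), None)
        if activated is None:
            continue  # never loaded, so there is nothing to drain yet
        reasons = []
        # Clients that queried the balance while the card was still inactive
        pre = [c for t, k, c in rows if k == "balance_check" and t < activated]
        if len(pre) >= min_pre_checks:
            reasons.append("polled_before_activation")
        for t, k, c in rows:
            if k == "redeem" and activated <= t <= activated + window:
                reasons.append("redeemed_soon_after_load")
                if c in pre:
                    reasons.append("redeemer_polled_before_activation")
                break
        if reasons:
            suspects[card] = reasons
    return suspects
```

On the sample events only `card-A` is flagged; `card-B` is checked and redeemed by its holder days after purchase and passes.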

Example of illicit advertisement recruiting for gift card scams (Source: Flashpoint)

Translation:

Recruiting high-paying business opportunity with a monthly salary of more than 10,000 US dollars…Welcome to consult…

Salary: Negotiable

Classification: Marketing

Contact: 6266271839

Description: Financial Trading Group…Recruit Agent…Buyer…Business Background

Requirement: Good at communication…No need for English communication…Can expand the market.

Contact: Add my WeChat for more details
When contacting me, please say that you saw it on the American Job Network😎

MITRE ATT&CK Mapping for Gift Card Fraud

The MITRE ATT&CK framework is a knowledge base of adversary tactics and techniques based on real-world observations. Here are the common ATT&CK techniques being leveraged in gift card fraud schemes:

  • Phishing (T1566)
  • Social Engineering (T1203)
  • Credential Dumping (T1003)
  • Account Manipulation (T1098)
  • Data Manipulation (T1203)
  • Exploitation of Vulnerabilities (T1203)
  • Use of Automated Tools (T1586)
  • Insider Threats (T1086)

Holiday Threat #2: Phishing and QR Codes

A new holiday threat this year is the growing trend of malicious QR codes. It is common for retailers to incentivize consumers to shop online by offering coupon codes and discounts. However, organizations need to be aware that threat actors are capitalizing on this practice by tampering with legitimate QR codes or sharing malicious ones.

Phishing is a typical component of QR code fraud: victims are duped into scanning QR codes sent by email as part of phishing campaigns designed to fraudulently obtain user credentials or direct users to websites where malware is automatically downloaded:

  1. Attacker initiates QR session and clones a login QR code to a phishing website
  2. Attacker sends phishing page to victim
  3. Victim scans QR code with mobile app
  4. Attacker gains control of victim account
  5. A legitimate service exchanges victim’s data with the attacker

Both the public and private sectors have struggled to contain this emerging threat as more than 62% of American consumers are unaware of QR code fraud. Retailers should educate customers to use a QR code reader to display and verify the destination URL for legitimacy, avoid shortened URLs, and use a mobile security app that can scan QR codes for potential threats.
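
The checks recommended above can be applied automatically to the text decoded from a QR code before anyone opens it. The following is an added example, not Flashpoint's code; the retailer domains, the shortener list, and the finding names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this example: the retailer's own domains and a small shortener list
RETAILER_DOMAINS = {"shop.example", "example.com"}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "is.gd"}

def check_qr_url(payload):
    """Return findings for a decoded QR payload; an empty list means it passed."""
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["unparseable"]
    findings = []
    if parts.scheme != "https":
        findings.append("not_https")
    if not host:
        return findings + ["no_host"]
    if parts.username or parts.password:
        # Text before '@' is not the destination: https://example.com@other.test/
        findings.append("userinfo_in_url")
    if host in SHORTENERS:
        findings.append("shortened_url")
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        findings.append("idn_host")  # possible look-alike domain
    try:
        ipaddress.ip_address(host)
        findings.append("ip_literal_host")
    except ValueError:
        pass
    # Match on a label boundary so example.com.evil.test does not pass
    if not any(host == d or host.endswith("." + d) for d in RETAILER_DOMAINS):
        findings.append("host_not_retailer_domain")
    return findings
```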

While consumer education on verifying QR codes before scanning can help, retailers will need to take more proactive measures to identify fraudulent codes and the threat actors behind them. A combination of user awareness, industry safeguards, and legal deterrence could curb criminal exploitation and maintain the convenience of QR codes.

Enhance Retail Security with Flashpoint

The holiday season presents a unique set of cybersecurity challenges. By understanding the evolving threat landscape and taking proactive steps to mitigate risks, organizations can safeguard their operations, protect their customers, and ensure a successful holiday season.

Flashpoint’s threat intelligence provides the knowledge and tools necessary to effectively combat phishing, gift card fraud, and other emerging threats. Learn actionable strategies on how to prevent these threats by downloading Flashpoint’s Complete Guide to Credit Card Fraud Prevention.
