Cash gets extracted daily from over 100,000 inboxes by a Gift Card Gang

September 9, 2021

One of the ways attackers succeed is through a safe and slow approach: stealing a small amount of money from each victim over a long period of time, a technique that helps them avoid detection by the authorities. One example is a cybercrime organization that extracts value from over 100,000 email inboxes every day, stealing even the smallest gift card and customer loyalty promotions and then reselling everything it extracts online.

An unknown security source has been watching this group of threat actors for several years. The group is reported to mass-test up to millions of usernames and passwords against a major international email provider every single day. The source also reported that the group makes an average of five to ten million email verification attempts each day and can obtain working login information for over 100,000 inboxes.

Based on the investigations of the unknown security source, the gift card gang simply operates customized, automated scripts that intermittently log in and search each victim's inbox for any valuable items they can resell. The investigation found the group to be particularly fixated on acquiring gift card information from the inboxes.

Moreover, the threat group does not download every email from its victims, because that would eat up a large amount of its data. Instead, it uses automated programs to log in to the inboxes and look for domain names and keywords related to organizations or companies that may offer loyalty points, loyalty programs, and gift cards. The source's data says that the group is very active in specifically seeking out gift cards. It has become routine for the group to seek them out in the victims' name whenever an opportunity arises.
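One way a mail operator could look for this search-heavy, download-light pattern in its own access logs, as an added example that is not from the original article or the source's investigation. The log format, keyword list and thresholds are assumptions, and the sample lines are constructed:

```python
import re
from collections import defaultdict

# Assumed keyword list; tune it to the brands and loyalty programs your users receive.
KEYWORDS = re.compile(r"gift ?card|e-?gift|reward|loyalty|voucher|redeem", re.I)

# Constructed sample lines in a hypothetical format: time, source IP, account, event, detail.
SAMPLE_LOG = """\
2021-09-01T02:14:07Z 203.0.113.7 alice@example.com LOGIN_OK -
2021-09-01T02:14:08Z 203.0.113.7 alice@example.com SEARCH gift card
2021-09-01T02:14:08Z 203.0.113.7 alice@example.com SEARCH loyalty points
2021-09-01T02:14:09Z 203.0.113.7 alice@example.com FETCH 1
2021-09-01T02:14:11Z 203.0.113.7 carol@example.com LOGIN_OK -
2021-09-01T02:14:12Z 203.0.113.7 carol@example.com SEARCH redeem your reward
2021-09-01T02:14:12Z 203.0.113.7 carol@example.com SEARCH egift
2021-09-01T08:30:00Z 198.51.100.20 bob@example.com LOGIN_OK -
2021-09-01T08:30:02Z 198.51.100.20 bob@example.com FETCH 42
2021-09-01T08:31:10Z 198.51.100.20 bob@example.com SEARCH gift card
"""

def parse(log):
    """Yield (ip, account, event, detail) from each well-formed line."""
    for line in log.splitlines():
        parts = line.split(None, 4)
        if len(parts) == 5:
            yield parts[1], parts[2], parts[3], parts[4]

def find_harvest_sessions(log, min_hits=2, max_fetched=3):
    """Return {ip: sorted accounts} for sessions that search for gift-card
    terms repeatedly but fetch almost no mail."""
    hits, fetched = defaultdict(int), defaultdict(int)
    for ip, account, event, detail in parse(log):
        key = (ip, account)
        if event == "SEARCH" and KEYWORDS.search(detail):
            hits[key] += 1
        elif event == "FETCH" and detail.isdigit():
            fetched[key] += int(detail)
    flagged = defaultdict(list)
    for (ip, account), n in hits.items():
        if n >= min_hits and fetched[(ip, account)] <= max_fetched:
            flagged[ip].append(account)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in find_harvest_sessions(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(accounts))
```

A single source address flagged across several unrelated accounts is the stronger signal; one user searching their own inbox for a gift card while reading mail normally is not flagged.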


The Trail of the Gift Card Gang 

According to the reports of the unknown security source, a large number of the compromised email accounts have come from ISPs (Internet Service Providers) situated in Germany and France.

Determining which ISPs and email servers hold the most extensive lists of exploited customer email accounts, and identifying which companies have infected email accounts, is not easy. The process has become more challenging because many companies now use cloud service providers such as Gmail and Microsoft Office 365, where clients access their information and workspaces on a central site. A further challenge is identifying how much activity investigators may not be seeing.

Microsoft has previously stated that it is creating new ways to avoid using passwords and to advance its security through steps in the user login verification process. This is because of how many corporate accounts are exploited in attacks every month.

A statement from Microsoft concluded that over 99.9% of account risks have been prevented by implementing a multi-factor authentication login process.
