Black Friday warning: Beware of online gift fraud, profiteering, say cybersecurity experts
"Digital gift card fraud is a $950 million annual loss to the industry" and "represents between 1 percent and 4 percent of revenue," says DJ Murphy of CardNotPresent.
The Facts Inside Our Reporter’s Notebook
Cyber security companies are warning consumers and retailers again this year about cyber safety, urging that consumers secure their online accounts and exercise caution when purchasing and using gift cards.
"While digital businesses around the globe are gearing up to end the year strong, fraudsters are ready to foil their plans," anti-fraud technology provider Arkose Labs warns in a report. The company anticipates an estimated 50% increase in attack volumes during this holiday season.
During the 2020 holiday season, "Grinch bots" or "scalper bots" ruined the holiday season for many, Sam Crowther, founder and CEO of Kasada, told Just The News.
The bots automatically buy up supplies of in-demand items and then flip the hoarded inventory at steep markups through online auction sites like eBay and Craigslist.
This activity has only gotten worse this year, he says.
"After careful analysis of billions of bot interactions from Kasada's retail customers, our researchers found that automated gift card balance lookups have quadrupled over the past two months," Crowther says. "This fact suggests that bad bots are increasingly being used to steal gift card balances as we lead up to peak holiday shopping. In addition to making in-demand items like PlayStation 5 extremely difficult to purchase, bad bots are poised to ruin the holidays by stealing gift cards. With gift cards now serving as the stopgap for global inventory shortage, both retailers and consumers need to be on highest alert to stop Grinch bots from ruining our holidays."
The global prepaid gift card industry surpassed $2 trillion last year, according to estimates by Global Industry Analysts. The market could reach $4.1 trillion by 2027, Bloomberg News reports, roughly 50% higher than original estimates, primarily because more people are buying online and using cash less.
While fraud is prevalent for both physical and digital gift cards, it's higher for digital gift cards, DJ Murphy of CardNotPresent, an RX Security Portfolio Company, reports. "Digital gift card fraud is a $950 million annual loss to the industry" and "represents between 1 percent and 4 percent of revenue," Murphy says.
Arkose Labs anticipates that online merchants will experience 60% more fraud this year than last year, primarily by account takeover attacks and gift-card fraud. In its Q4 Arkose Labs Fraud and Abuse Report, the company predicts that merchants will collectively suffer as many as 8 million attacks every day during the holiday season. The attacks primarily originate from China.
"More and more consumers are creating digital accounts for various reasons, which means there are more potential accounts to compromise," the company explains. "This is especially exacerbated during the holiday shopping season when consumers open more digital accounts. Bots are integral to this because they enable fraudsters to test thousands or even millions of different credential combinations in a short period of time."
Credential stuffing attacks during the 2020 holiday season increased by 56%, and 3 billion attacks occurred over the past year, nearly double the number over the previous 12 months, the report adds.
Stealing personal information from someone's account isn't the only way cyber thieves operate. In 2021, digital businesses saw "a massive influx of fake new accounts disguised as legitimate users," according to the report. "In Q3 alone, the Arkose Labs Network detected 560 million attacks on registration flows, nearly 4 times the volume since the beginning of the year."
Kasada also says it's seeing a growing trend of fraudulent sites like https://sellix.io/Jimmysgc/group/5fc2caa7dcc07, which pops up on the Internet. This site advertises gift cards for popular retailers at steep discounts but allegedly takes people's money instead, it warns.
"Bot fraud activities have shifted from the Dark Web to the Main Street internet, making it difficult for consumers to discern between legitimate and stolen gift cards," Crowther says.
Another aspect of fraud is purchasing stolen gift cards. "If the gift cards are legitimate, they may have been subject to 'card cracking,'" Crowther says, which are cards that are bought with stolen credit card numbers, or they're being used to launder money for other kinds of crimes.
The best way for consumers to protect themselves is not to purchase online gift cards but to buy them directly from retailers, chain restaurants, or other credible sources, Crowther says.
Consumers should also frequently change their usernames and passwords and not use the same credentials across different websites. Using a multifactor authentication is also recommended.