Reading:
Gifts of the Dark Web: Auto-Generated Gift Codes

Gifts of the Dark Web: Auto-Generated Gift Codes

November 23, 2022

The most popular interests of online shoppers are earning or using gift cards, reward points, and coupons. During the holiday season, e-commerce sites increase the distribution of gift cards and rewards in response to customer interest. 

However, threat actors find ways to exploit this response to create their own rewards. This violates the rules established by e-commerce sites, and actual customers may have to deal with their codes suddenly expiring due to already being used, or the vendor might lose profit

Cases where threat actors share auto-generated gift codes or offer a code generator, are frequently observed on the dark web forums.

Click the button below to read the report.


Fake Code Generators

A gift card code generator post on the dark web. (Source: SOCRadar)
A gift card code generator post on the dark web. (Source: SOCRadar)

A threat actor shared a gift card generator for various platforms and applications, including Amazon, eBay, PayPal, and Netflix. Threat actors are often seen sharing or selling these generators or credit card checkers. 

Free Gift Cards

A dark web post describing e-gift carding methods. (Source: SOCRadar)
A dark web post describing e-gift carding methods. (Source: SOCRadar)

A threat actor on the dark web provided instructions for obtaining gift cards from a shopping reward app. The threat actor could claim gift cards on Amazon and Google Play by exploiting an unpatched vulnerability. They created fake receipts by using another app and used the receipts to gather gift cards and reward points. 

In the wild, there are numerous different exploits. Threat actors use them to make money. They use it, share it, and then sell it to further their goals. 

For more information and other dark web posts like in this blog, check out the full E-Commerce Threat Landscape Report.