Gifts of the Dark Web: Auto-Generated Gift Codes
The most popular interests of online shoppers are earning or using gift cards, reward points, and coupons. During the holiday season, e-commerce sites increase the distribution of gift cards and rewards in response to customer interest.
However, threat actors find ways to exploit this response to create their own rewards. This violates the rules established by e-commerce sites, and actual customers may have to deal with their codes suddenly expiring due to already being used, or the vendor might lose profit.
Cases where threat actors share auto-generated gift codes or offer a code generator, are frequently observed on the dark web forums.
Click the button below to read the report.
Fake Code Generators
A threat actor shared a gift card generator for various platforms and applications, including Amazon, eBay, PayPal, and Netflix. Threat actors are often seen sharing or selling these generators or credit card checkers.
Free Gift Cards
A threat actor on the dark web provided instructions for obtaining gift cards from a shopping reward app. The threat actor could claim gift cards on Amazon and Google Play by exploiting an unpatched vulnerability. They created fake receipts by using another app and used the receipts to gather gift cards and reward points.
In the wild, there are numerous different exploits. Threat actors use them to make money. They use it, share it, and then sell it to further their goals.
For more information and other dark web posts like in this blog, check out the full E-Commerce Threat Landscape Report.