The FBI has issued a warning to US retailers about a financially-motivated malicious hacking ring that has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards.
Staff at the corporate offices of US retail companies have been the target of highly-sophisticated email phishing and SMS phishing ("smishing") attacks. These attacks attempt to gain access to employee accounts, IT systems, and cloud services used by the company.
Once they have gained access, the cybercriminals target other employees in order to move laterally through a network. They attempt to steal passwords and SSH keys that would ultimately allow them to create unauthorised gift cards.
Gift cards are a popular and convenient gift option, but their ease of use has made them a prime target for scammers.
In 2023 alone, gift card scams were responsible for a staggering US $217 million in consumer losses.
"Card draining" is a particularly insidious tactic, which sees scammers collect information about gift cards that have not yet been bought. Later, after these are bought by an unsuspecting consumer, scammers can use the stolen gift card details to make purchases.
But the group whose activities the FBI is warning about, STORM-0539, doesn't just steal gift card information. It is also interested in collecting employee data and network configuration details. These details may later be sold on to other cybercriminals or exploited in later broader attacks.
The cybercrime group STORM-0539 (also known as Atlas Lion) has been active since at least 2021. It has become notorious for the sophisticated phishing kit that allows it to defeat multi-factor authentication (MFA) defences.
They are also renowned for their persistence. The STORM-0539 gang uses a variety of techniques to continue attacks even after an organisation has implemented defences.
The FBI's warning follows a similar alert from Microsoft in December regarding increased STORM-0539 activity during the holiday season.
In the past, scammers have also physically removed gift cards from store shelves, recorded the gift card's activation information, and replaced them with decoys. Then, the criminals return the compromised cards to the shelves, waiting for unsuspecting customers to purchase them before ultimately making fraudulent purchases using the funds of victims.
As a consequence, lawmakers in some states have been pushing for stronger legislation that enforces more secure packaging for gift cards.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.