With the holiday season well underway, a threat group with a history of gift card scams is ramping up its efforts, according to Microsoft.
The group has been around since at least late 2021, with Microsoft noting last month that Storm-0539 is a financially motivated group that typically targets retailers for such gift card schemes.
In the latest phishing campaigns, Microsoft researchers wrote that the bad actors use URLs that, if clicked on by the target, lead to adversary-in-the-middle pages through which they steal credentials and session tokens.
With those in hand, Storm-0539 attackers can register their own devices that will receive secondary authentication prompts, allowing them to bypass multifactor authentication protections and gaining persistence in the victim's environment by using the fully compromised identity, the researchers wrote.
Along with the gift card scams, the threat group also access other information, from email and contact lists to network configurations, which can be used in later attacks against the same organizations.
Gift card scams have long been a threat to retailers and consumers.
The U.S. Federal Trade Commission earlier this year warned consumers about such schemes and gave tips for avoiding and reporting them.
There are a number of different stories that bad actors will tell potential victims, including saying they're from a government agency like the IRS or Social Security Administration, or from tech support from a company like Apple or Microsoft saying there's a problem with the victim's computer, the agency wrote.
They also may say they're a family member or friend in an emergency, that the victim has won a prize, or that they're from a utilities company.
They ask the victim for money after chatting on a dating website.
Threat actors will record information like the card and associated pin numbers of gift cards that have not yet been bought.
Scammers also may take gift cards off the shelves and take them somewhere else, putting decoy items in their place, according to USA Today.
After getting the information from the gift cards, they put the cards they tampered with back on the shelves and wait for people to buy them.
This Cyber News was published on securityboulevard.com. Publication date: Mon, 18 Dec 2023 15:43:04 +0000