Microsoft researchers have issued a warning about a new cyber attack involving the theft of gift cards, carried out by a group of malicious actors known as Storm-0539. These actors infiltrate retail platforms using techniques such as ‘phishing’, ‘smishing’, and token theft in order to create gift cards and steal products.
Retail gift cards are particularly vulnerable to fraud and social engineering practices by cybercriminals, as they do not have customer names or bank accounts associated with them, making it easier for suspicious use without being identified. Storm-0539 has taken gift card-based theft to a new level by using phishing techniques, smishing, device registration, and token theft to gain access to corporate systems and employee accounts of large retailers.
The Microsoft Threat Intelligence team highlighted this increase in activity from the threat actor group in their latest report, Cyber Signals. The group, also known as ‘Atlas Lion’, has been able to fraudulently generate gift card codes and use them to steal products from businesses. This type of fraud has increased by 30 percent between March and May 2024, particularly during American holidays like Thanksgiving, Black Friday, and Christmas.
Microsoft emphasized the sophistication of Storm-0539 and their ability to take advantage of cloud environments. The group remains infiltrated in systems after completing scams to continue generating card codes regularly. They also use extensive research on the gift card business process, identity service providers, and employees of target organizations to acquire recognition and camouflage capabilities.
In addition to impersonating non-profit organizations to gain access to free cloud resources and domains, Storm-0539 also implements conditional access policies and educates company security teams on social engineering tactics. Microsoft recommends that organizations treat gift card portals as high-value targets for cybercriminals, conduct continuous supervision, perform audits for anomalous activities, and implement security measures to prevent falling victim to these types of scams.
At the Diamond League meeting in Paris, world records were broken less than a month…
Damian Priest faced a setback during the World Heavyweight Title match at WWE Money in…
Technology experts are warning about the dangers of allowing your devices to overheat, especially in…
Hi Sun Technology (China) Limited (HK:0818) recently made an important announcement regarding the disposal of…
The Philadelphia Phillies faced a tough loss to the Atlanta Braves with a final score…
The Miami Dolphins made several significant changes to their defense during the offseason, releasing Xavien…