FBI warns U.S. retailers that cybercriminals are targeting their gift card systems

The FBI is warning U.S. retailers that a malicious, financially motivated group of hackers has been targeting employees with phishing attacks in an attempt to create fraudulent gift cards.

Employees in the offices of U.S. retail companies have been the target of highly sophisticated email phishing and SMS phishing (“SMS phishing”) attacks. These attacks attempt to gain access to employee accounts, IT systems and cloud services used by the company.

Once access is gained, cybercriminals target other employees to move laterally through the network. They attempted to steal passwords and SSH keys, which ultimately allowed them to create unauthorized gift cards.

Gift cards are a popular and convenient gift option, but their ease of use makes them a prime target for scammers.

In 2023 alone, gift card fraud cost consumers a whopping $217 million.

“Card churning” is a particularly insidious tactic in which scammers collect information about gift cards that have not yet been purchased. Then, when unsuspecting consumers purchase these gift cards, scammers can use the stolen gift card details to make purchases.

But STORM-0539, the group the FBI warned about its activities, does more than just steal gift card information. It is also interested in collecting employee data and network configuration details. These details may then be sold to other cybercriminals or used in wider attacks at a later date.

The cybercriminal group STORM-0539, also known as Atlas Lion, has been active since at least 2021.

They are also known for their persistence. Even after organizations implement defensive measures, the STORM-0539 gang uses a variety of techniques to continue their attacks.

Before the FBI issued a warning Similar alerts In December, Microsoft released information about an increase in STORM-0539 activity during the holidays.

In the past, scammers have also taken gift cards off store shelves, recorded the gift card’s activation message, and then replaced it with a decoy. The criminals then place the compromised cards back on the shelves, waiting for unsuspecting customers to purchase them before ultimately using the victims’ funds to make fraudulent purchases.

As a result, some state lawmakers have been pushing for stronger legislation mandating safer gift card packaging.

Editor’s note: The opinions expressed in this guest author article are those of the contributor and do not necessarily reflect the views of Tripwire.