Microsoft warns of major gift card fraud scheme sweeping through victims
Make sure those gift card links are safe, Microsoft warns
Gift cards are a good way to fund a hobby or interest without having to spend hours agonizing over the perfect present, as they can be used in store or online via a unique code that tracks the amount of money on the card.
Unfortunately, threat actors are taking advantage of the ambiguity of gift cards as an easy way to steal money from corporations without leaving a paper trail.
Chief among these threat actors is the group tracked as Storm-0539, which Microsoft has identified as a unique group that uses advanced knowledge of cloud environments to break into gift card portals, generate new gift cards for itself, and then sell them on the dark web or redeem the value for its own use.
Phishing for clouds
Storm-0539 typically infiltrates cloud environments through complex smishing campaigns, which combine social engineering with fake text messages that trick victims into providing access to their organizations. The group then registers its own devices with the victim's authentication services to bypass multi-factor authentication, giving the threat actor persistent access to the targeted environment.
The group then uses the compromised account to navigate through the targeted environment, hunting for access to the gift card portal while also gathering important information from Salesforce, Citrix, OneDrive and SharePoint. Storm-0539 then uses the compromised employee accounts to generate new gift cards.
In order to avoid detection by the organizations they are targeting, the group uses a tactic known as typosquatting - where the group ‘squats’ on a domain that appears to be an authentic website, but the address actually contains a number of switched characters to blend in.
Microsoft says that gift card portals should be treated as a high priority target for threat actors, and has issued a number of security recommendations to protect against the tactics used by Storm-0539:
- Bind MFA tokens to employee devices to prevent token replay attacks.
- Use least privilege access principles throughout the business environment to minimize the effects of an attack.
- Use a trusted gift card system that uses fraud prevention techniques and authenticates payments legitimately.
- Use phishing-resistant MFA solutions.
- Implement secure password changes for high-risk users, such as Microsoft Entra MFA.
- Provide training and education to employees to help them spot fraudulent gift cards.
Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.
Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.