Microsoft Says Beware of Gift Card Scams

December 18, 2023
  • Microsoft has alerted the public about the risk of gift card fraud, with hackers potentially misusing a popular authentication technology.
  • The tech giant has identified a threat actor named Storm-0539, which has been conducting a gift card fraud and theft operation via SMS and email phishing attacks against retail organizations.
  • The group uses fraudulent hyperlinks that direct device users to phishing pages that employ an adversary-in-the-middle (AiTM) methodology to extract session tokens and other sensitive data.
  • The alert follows Microsoft’s recent closure of a cybercrime marketplace selling compromised Microsoft accounts.

Microsoft has sounded the alarm about an increase in cyberthreat activity from a group dubbed Storm-0539. The group has been conducting a gift card fraud and theft operation, primarily targeting retail establishments in the lead-up to the 2023 holiday season. The operation is carried out through SMS and email phishing attacks that use gift cards as bait.

The attacks involve fraudulent hyperlinks that redirect device users to phishing pages. These pages utilize an adversary-in-the-middle (AiTM) methodology that enables them to extract session tokens and other sensitive details, including user credentials. Furthermore, Storm-0539 extracts email information, network configurations, and contact data. These additional details have subsequently been used to launch new attacks against previously targeted retail organizations.

Storm-0539 has also been using compromised credentials to register its own devices for secondary authentication prompts. This lets the threat actors bypass multifactor authentication safeguards, open up further privileges, and gain access to information in cloud resources.

Microsoft’s report indicates that Storm-0539 has been active since 2021 and has conducted extensive reconnaissance of target retail organizations. The tech giant’s alert comes in the wake of its recent shutdown of a Vietnam-based cybercriminal group that had sold several hundred bogus Microsoft accounts and other tools designed to bypass verification on various tech platforms.

In light of these findings, organizations are urged to take appropriate measures to mitigate social engineering cyber threats, including but not limited to reinforcing their authentication safeguards.
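
A defender-side check for the pattern described above, where a session token captured through an AiTM page is replayed and then used to register a new device for MFA prompts. This is an added example, not Microsoft's detection logic; the event field names, the 15-minute freshness window, and the sample events are constructed assumptions rather than any identity provider's real schema.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs); IPs are documentation ranges.
EVENTS = [
    {"ts": "2023-12-01T09:00:00", "user": "alice", "session": "s1", "ip": "198.51.100.10", "action": "sign_in"},
    {"ts": "2023-12-01T09:06:00", "user": "alice", "session": "s1", "ip": "203.0.113.77", "action": "mfa_device_registered"},
    {"ts": "2023-12-01T10:00:00", "user": "bob", "session": "s2", "ip": "198.51.100.20", "action": "sign_in"},
    {"ts": "2023-12-01T10:05:00", "user": "bob", "session": "s2", "ip": "198.51.100.20", "action": "mfa_device_registered"},
    {"ts": "2023-12-01T11:00:00", "user": "carol", "session": "s3", "ip": "198.51.100.30", "action": "sign_in"},
    {"ts": "2023-12-01T14:00:00", "user": "carol", "session": "s3", "ip": "198.51.100.30", "action": "mfa_device_registered"},
    {"ts": "2023-12-01T15:00:00", "user": "dave", "session": "s9", "ip": "198.51.100.40", "action": "mfa_device_registered"},
]


def suspicious_registrations(events, max_age=timedelta(minutes=15)):
    """Flag MFA device registrations that do not follow a fresh sign-in
    from the same IP address within the same session."""
    origin = {}    # session id -> (sign-in time, sign-in IP)
    findings = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["action"] == "sign_in":
            origin.setdefault(ev["session"], (ts, ev["ip"]))
        elif ev["action"] == "mfa_device_registered":
            reasons = []
            if ev["session"] not in origin:
                # Session was never seen signing in: token of unknown origin.
                reasons.append("no_sign_in_seen")
            else:
                signed_in_at, signed_in_ip = origin[ev["session"]]
                if ev["ip"] != signed_in_ip:
                    # Same token, different network: consistent with replay.
                    reasons.append("ip_changed")
                if ts - signed_in_at > max_age:
                    # Registration without recent authentication.
                    reasons.append("stale_session")
            if reasons:
                findings.append((ev["user"], ev["session"], reasons))
    return findings


if __name__ == "__main__":
    for user, session, reasons in suspicious_registrations(EVENTS):
        print(f"{user} {session}: {', '.join(reasons)}")
```

An IP change alone also occurs for legitimate roaming users, so findings like these are better treated as triggers for step-up authentication or analyst review than as automatic blocks.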
