Distil Networks Uncovers Sophisticated Gift Card Fraud Bot

Major Retailers Facing GiftGhostBot Attacks Attempting to Defraud Consumers

SAN FRANCISCO, CA--(Marketwired - March 24, 2017) - Distil Networks, the global leader in bot detection and mitigation, today announced that its analyst team has uncovered an Advanced Persistent Bot (APB) that targets gift card payments processes on websites. The bot, named GiftGhostBot, is attempting to defraud consumers from the money loaded on gift cards from a variety of retailers around the globe. Any website, from luxury retailers, to supermarkets, to major coffee distributors, with gift card processing capabilities could be a target. Distil has seen this attack on almost 1,000 customer websites.

Beginning on Feb 26, 2017, the Distil Networks Security Analyst team noticed increased bot activity on customer websites with gift card processing capabilities. Fraudsters are using malicious automation to test a rolling list of potential account numbers and requesting each balance. If successful in obtaining the balance, fraudsters can resell the account number on the dark web or use them to purchase goods. GiftGhostBots are being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript to avoid detection. On one customer website, the analyst team recorded 4 million bad bot requests per hour -- nearly 10 times their normal level of traffic. On average, the operators of GiftGhostBot can test as many as 1.7 million gift card account numbers per hour.

"Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment," said Rami Essaid, CEO of Distil Networks. "While it is important to understand that retailers are not exposing consumers' personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage."

GiftGhostBot has multiple features that confirm it is an APB:

  • It is lying about its identity by rotating user-agent strings.
  • It is heavily distributed across various hosting providers, mobile ISPs, and data centers all over the world.
  • It is technically sophisticated when it executes JavaScript, mimicking a normal browser.
  • It is persistent in that if it is blocked using one technique, it adapts and returns using a different attack technique.

Additional Resources

About Distil Networks

Distil Networks, the global leader in bot detection and mitigation, is the only proactive and precise way to mitigate bad bots across web applications, mobile and APIs. With Distil, you automatically block 99.9% of malicious traffic without impacting legitimate users. Distil Web Security defends websites against web scraping, competitive data mining, account takeovers, transaction fraud, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and denial of service. Distil API Security protects public and partner-facing APIs against developer errors, integration bugs, automated scraping, and web and mobile hijacking. For more information on Distil Networks, visit us at https://www.distilnetworks.com or follow @DISTIL on Twitter.

Contact Information:

Media Contact
Lauren Hillman
Kulesa Faul for Distil Networks
P: 510-394-2145