by Kristina Knight

The bot is being called the GiftGhostBot, and according to experts with Distil Networks the bot is rolling through nearly 2 million gift card numbers each hour. Once actual gift card numbers are identified, the bots are then draining those accounts; they believe the fraudsters are then selling the stolen cards on the dark web.

"Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment," said Rami Essaid, CEO of Distil Networks. "While it is important to understand that retailers are not exposing consumers' personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage."

So far, the attack has been seen in action on more than 1,000 websites.

The fraudsters are using a rotation of user-agent strings to help it go undetected as it asks for the balances attached to the listing of gift cards. Once a balance is identified, the account is then drained of funds. The bog is currently working across hosting providers, mobile ISPs, and data centers.

Tags: Distil Networks, ecommerce, ecommerce fraud, gift card fraud, m:commerce fraud