Each day, a cyber-criminal business tests millions of identities and passwords in search of concerned loyalty card data.
A security researcher discovered that malicious hackers are infiltrating up to one million inboxes every day in an effort to attack gift card and consumer loyalty programme data with the aim of exploiting it or profiting from freebies.
It was observed that these scams use a 'low-and-slow' strategy, evading discovery or intervention by investigators and law enforcement organisations. This has been achieved by taking tiny amounts of money from a large number of individuals over an extended period.
Around half of the compromised accounts in the latest operation were used to break into accounts using the email regular web message access protocol (IMAP). IMAP—the email protocol used by email software clients such as Mozilla's Thunderbird and Microsoft Outlook—verifies the validity of email credentials.
The targets of the scam were tracked on most of the email networks, with many significant ISPs throughout Germany and France being specifically targeted.
As shown in the Flashpoint 2018 research, the abuse of rewards-points schemes is a burgeoning criminal industry, particularly for accounts linked with travel. The threat actors go into each mailbox using automated systems and search for a range of domains and phrases associated with firms that manage loyalty and points programmes, issue gift cards, and fulfill them.
Since the security mechanisms and safeguards are improving, compromising gift card data will become troublesome for malicious hackers.