- Analytics
- Big Data
- Case Studies
- Datacentre
- Cloud
- eGov
- IoT
- IT Infra
- Leadership
- Mobile/Social
- Mobility
- Security
- Storage
- Miscellaneous
- Insights
- Digital Transformation
- Blockchain
- Workplace
- Collaboration
- Developer
- Digital India
- Infrastructure
- Networking
- Software Defined
- Telecom
- Semiconductor
- Networking
- AI / ML / BOTS
- BPO/BPM/IT Services
- Blockchain
- Security
- Insights
- Leadership
- Miscellaneous
- Enterprise Applications
- FinTech
- Innovation
- Developer
- AI/Bots/ML
Fraudsters Use Fake Gift Cards to Lure Consumers into Handing Over Personal Data
When on the fake site, the user is asked to select the gift card he/she wants in order to receive the code
Kaspersky Lab experts have discovered the distribution of an unusual fraudulent scheme that tricks users into parting with their time and their data, for no return. By creating fake websites for the free generation of gift cards, cybercriminals are able to “sell” users’ data to third party partner sites, to which they redirect victims.
While industry and law enforcement agencies from around the world are busy fighting against cybercrime, criminals themselves are constantly looking for new ways of earning money – other than just malware. Offering something valuable free of charge is always an enticing piece of marketing, and criminals can take advantage of this.
Websites that offer customers the option of freely generating gift cards for well-known companies - like iTunes, Google Play, Amazon, or Steam - are nothing new. For example, legitimate apps like Tokenfire and Swagbucks buy card codes from vendors, to then give them to clients as a reward for certain activities. Criminals have apparently recognised the popularity of such websites and have decided to deceive users using a simple algorithm.
When on the fake site, the user is asked to select the gift card he/she wants in order to receive the code. After that, the fraudulent mechanism is set in motion. To get the generated code, however, the user needs to prove that he/she is not a robot. To do this, the user has to follow the suggested link and complete various tasks, the number and type of which are determined by the partner network to which the user is redirected. For example, he/she may be asked to fill in a form, leave a phone number or email address, subscribe to a paid SMS-message, install adware, and so on.
The result is predictable: either victims get tired of doing endless tasks, or they finally get the useless code. The earnings for criminals range from a few cents per every click on a desired link, to several dozen dollars for filling in a form or subscribing to paid services. Thus, the criminals make a profit virtually for nothing, getting paid from the user’s actions on the websites of third-party partners, who, for their part, also benefit by getting access to personal data which can be used for private purposes.
