Giving presents the entire yr spherical is regular, however an entire boatload of presents are purchased and bought most particularly throughout Christmas and vacation seasons. The end-of-year holidays, sadly, additionally usher within the best variety of gift card scams. But the world’s largest manufacturers are now not newbies to the menace, which is why Amazon, iTunes, and Target, amongst many others, have put up pages the place rip-off victims can report malicious websites and pages.
We collated an inventory of net properties that buyers seeking to buy reward playing cards for household and buddies needs to be cautious of. We dug deeper into the 1,339 domains and 863 subdomains containing the string “reward + card” obtained from Domains & Subdomains Discovery and discovered that:
- A complete of 127 domains contained the names of world-famous manufacturers.
- Forty-one of the 1,339 domains had been dubbed “harmful” by varied malware engines.
- The 41 malicious domains resolved to seven distinctive IP addresses, all of which hosted at the very least 300 different domains.
- Four of the 863 subdomains had been dubbed “harmful” by varied malware engines.
Note that we restricted our dataset to domains and subdomains registered between 1 September and 21 December 2021. Why? Because many individuals start shopping for presents presently.
As a part of our ongoing effort to allow cybersecurity analysts and researchers to additional their research, we collated all pertinent information and made it out there to anybody . You could obtain the associated threat research materials here.
Analysis and Findings
First, we scrutinized the 1,339 domains and discovered that at the very least 127 of them featured the names of world manufacturers, akin to Visa, Target, and Amazon. The chart beneath reveals the abused manufacturers and their respective area volumes. Note that we solely included the domains that spelled the model names appropriately.
The desk beneath reveals examples of domains for every of the highest 10 abused manufacturers.
| Ranking | Brand Name | Sample Domain from the Dataset |
|---|---|---|
| 1 | Visa | giftcardmallmygift-visagiftcardbalance[.]com |
| 2 | Target | targetcardgift[.]com |
| 3 | Amazon | amazon-egiftcard[.]com |
| 4 | Apple/iTunes | applegiftcards[.]phgetitunesgiftcard[.]ph |
| 5 | Shein | giftcard-shein[.]website |
| 6 | Walmart | walmartgifttcard[.]com |
| 7 | Chrome/Gmail/Google/Google Play | chromegiftcard[.]com giftcardgmail[.]com giftcard-google[.]com 123googleplaygiftcard[.]ph |
| 8 | Bitcoin | bitcoin-gift[.]playing cards |
| 9 | Nike | nikegiftcardforbusiness[.]com |
| 10 | Xbox | xboxgiftcard[.]ml |
A bulk malware test through Threat Intelligence Platform (TIP) revealed that 41 of the domains in our dataset are dubbed “harmful” by one or varied malware engines. Examples embody:
- mygift-gift[.]playing cards
- mygiftcardmall-giftcardmall-mygift[.]com
- giftlove[.]playing cards
- giftcardmallmygift-visagiftcardbalance[.]com
- mygift-giftcard-mall[.]information
- balance-mygift-gift[.]playing cards
- giftcardmall-mygiftcard-balance[.]com
- gabbygiftcard[.]org
- wwwgiftcardmallcommygift[.]com
- targetcardgift[.]com
Users ought to chorus from accessing these malicious domains through blocking. Where potential, querying the damaging net properties on DNS Lookup revealed that they resolved to seven distinctive IP addresses, specifically:
- 35[.]185[.]44[.]232
- 81[.]17[.]29[.]146
- 198[.]54[.]116[.]49
- 139[.]162[.]2[.]200
- 103[.]129[.]97[.]199
- 198[.]54[.]117[.]244
- 198[.]54[.]126[.]161
Reverse IP lookups for the IP addresses confirmed that every hosted at the very least 300 domains, which signifies that they’re in all probability a part of shared internet hosting companies. Examples embody:
- a-sunflower-blooms[.]gitlab[.]io
- 16plersonalities[.]com
- audizonehearing[.]com
- bani[.]buzz
- cahayabalirental[.]com
- etoglobaltrading[.]com
- fbsadvancedtechnology[.]com
- galacticprogramming[.]com
- heartfulwarrior[.]internet
- inovattaseguros[.]com
That mentioned, seventeen of the extra domains that resolved to the identical IP addresses because the malicious domains had been additionally dubbed “harmful” by varied malware engines. They are (website descriptions based mostly on screenshot lookups):
- magierasolutions[.]com: Software growth firm web page
- g4l1c1aproject[.]xyz: Currently unreachable
- cjkddd[.]ml: Error web page
- autodiscover[.]cp-objection-appeal-portal[.]ml: Currently unreachable
- apple-ltd[.]com: Currently unreachable
- apple-ltd[.]co: Currently unreachable
- alokdigitalmedia[.]com: Digital advertising service website
- allgiftcardcode[.]xyz: Site index web page
- aavkaro[.]com: Account suspension warning web page
- 3615google[.]fr: Currently unreachable
- 10082773[.]evaluate: Account suspension warning web page
- 1002983[.]evaluate: Account suspension warning web page
- 032972[.]xyz: Account suspension warning web page
- 022299fedeex[.]com: Blank web page
- 022289fedeex[.]com: Fake FedEx web page
- 022279fedeex[.]com: Blank web page
- 02-billing-support[.]org: Account suspension warning web page
We then regarded extra carefully on the 863 subdomains and discovered that 4 of those ought to particularly be averted since they’re malicious. The harmful subdomains are:
- giftcard[.]ayurvedarus[.]com
- www[.]giftcard[.]ayurvedarus[.]com
- giftcard-service-verification[.]com[.]f-c-s-world[.]org
- www[.]giftcard-service-verification[.]com[.]f-c-s-world[.]org
As we’ve seen on this submit, there’s positively extra to reward card websites (even when they give the impression of being actual as a result of they bear in style model names) than meets the attention. Users seeking to buy reward playing cards for their family members ought to heed the recommendation of the Federal Trade Commission (FTC)—keep on with shops (or, on this case, retailer websites) they know and belief. And in the event you do find yourself getting defrauded, report the abuse to the authorities.
If you want to carry out an identical investigation, please don’t hesitate to contact us. We’re all the time looking out for potential analysis collaborations.
https://circleid.com/posts/20220117-gift-cards-anyone-watch-out-for-fraud-and-malware-hosts
