Internet Crime Gang Stealing Reward Points and Gift Cards Out of Email Inboxes

Hackers Target WHO Amidst the Covid-19 Pandemic
Share the knowledge

Talk about cherry picking! An international Internet crime gang is gaining access to as many as 100,000 compromised email inboxes a day, and all they are doing is searching for and stealing digital gift cards and rewards points. Of course, when we say “all”, that’s still too much – it’s actually a pretty big deal.

According to the always informative and valuable resource Krebs on Security, this gang has been doing this for at least three years. They average between 5million and 10million email login attempts every day, and between 50thousand and 100thousand of them are successful.

This means that about 1% of all of their efforts, day in and day out, for at least 3 years, are successful. Now, 1% doesn’t sound like a lot, until you look at the actual numbers. Let’s say that they “only” access 50,000 hacked email inboxes every day. That’s more than 18 million inboxes that they have hacked into or otherwise illegally accessed each year. That’s more than 54 million compromised inboxes in the 3+ years that they have been operating.

If you haven’t heard about this before, well it’s not surprising. They aren’t making a big splash, they aren’t stealing credit card numbers, they aren’t grabbing and using social security numbers. They are “only” stealing gift cards and rewards points. So they are, in large part, flying under the radar.

This reminds us of the time back in 2010, when the Federal Trade Commission (FTC) busted the criminals who had netted nearly 10million dollars by making very small charges (some as small as 25 cents) to over a million credit cards. “It was a very patient scam,” explained FTC attorney Steve Wernikoff.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

By searching in the compromised inboxes for known ‘from:’ addresses associated with gift cards and rewards programs, such as “giftcards@gc.nordstrom.com” and “SouthwestAirlines@iluv.southwest.com”, the thieves have been able to target exactly the email and data for which they are looking with laser-like focus.

This brings us to the question of why a crime gang would go through all that trouble to access email inboxes, and then only steal gift card and reward points data. And the answer is because they can convert the gift cards into new gift cards which they can sell, and they can also convert the rewards points into gift cards which they can sell. According to Krebs, they can net about 80% of the original value of the gift card or points by doing this.

According to Krebs’ source, who is referred to as “Bill” in the article, “These guys want that hard digital asset – the cash that is sitting there in your inbox. You literally just pull cash out of peoples’ inboxes, and then you have all these secondary markets where you can sell this stuff.”

Something to think about when you see someone or some site offering discount gift cards.

And, also… go change your email password.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 


Share the knowledge

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.