Microsoft Sends Out Warning about Growing Threat of Gift Card Fraud
Microsoft has sent out warnings about a threat actor named Storm-0539 attacking retail organizations ahead of the holiday week.
- Microsoft has published warnings about the risk of gift card fraud with hackers potentially abusing a popular authentication technology.
- The tech giant recently shut down a cybercrime marketplace selling compromised Microsoft accounts.
Microsoft has warned of an increase in cyber threat activity from a group designated Storm-0539 that has been running a gift card fraud and theft operation through SMS and email phishing attacks involving the trap of gift cards against retail organizations leading into the 2023 holiday season.
The operations are carried out through fraudulent hyperlinks booby-trapped to lead device users to phishing pages that use an adversary-in-the-middle (AiTM) methodology that allows for extracting session tokens and other sensitive information, such as user credentials.
Storm-0539 also extracts email information, network configurations, and contact information, which have been further used to generate new attacks against previously targeted retail organizations.
See More: Google Will Block Third-Party Cookies for All Chrome Users by the Second Half of 2024
The attacks are carried out by the registration of Storm-0539 devices for secondary authentication prompts by compromised credentials. They can even circumvent multifactor authentication safeguards to open up privileges for threat actors and gain access to information from cloud resources.
Microsoft’s report has stated that the group has been active since 2021 and that attacks included extensive reconnaissance of target retail organizations. The report has come on the heels of the news that Microsoft used a court order to shut down a Vietnam-based cybercriminal group that had sold several hundred fake Microsoft accounts and other tools to bypass verification on a range of tech platforms.
Does your organization do enough to mitigate social engineering cyber threats? Let us know your thoughts on LinkedIn, X, or Facebook. We’d love to hear from you!
Image source: Shutterstock