Scammers Spoof Target’s Gift Card Balance Checking Page

It’s the giving season, and cybercriminals are more actively looking to steal gift cards. One of the most popular brands in their sight is giant retailer Target.

A trick that crooks are currently pulling is to lure victims to fake sites that check the balance on the gift card.

Retail and gaming brands are at the top of scammers’ list of preferences these days as gift card sales register a sharp growth.

According to online fraud prevention company Bolster, November saw new websites related to gift card fraud at a rate of more than 220 per day. 

Also Read: Advisory Guidelines on Key Concepts in the PDPA: 23 Chapters

Fake Target gift cards balance check

Bolster’s research team note that online scams involving gift cards are predominantly impersonating Target’s balance checking pages. Some attempts are more credible than others.

In one example, the fraudsters are imitating Target’s service to such an extent that most users would not see any difference between the fake website and the legitimate one in terms of layout, text, and colors.

Even more, the crooks also registered a domain targetgiftscard[.]com, which makes it difficult to spot the scam. The only red flags are the links, which either don’t work or point to the same fraudulent page.

After typing in the gift card and access numbers and hitting the “check balance” button, the information gets to the fraudster.

To keep up appearances, the site displays the “checking balance” status indefinitely. Alternatively, an error pops up to mislead the victim that something went wrong, and the verification failed.

“In reality, the valid gift card numbers are harvested by the criminals and monetized by either reselling them on other sites or using them to make purchases”

– Bolster

The researchers note that a regular user would easily miss the signs revealing the sham. Noticing the red flags requires background information on Target and with some technical abilities.

For instance, the domain is similar to others belonging to Target (giftcard.com and giftcards.com) and would raise suspicions when checking if it was indeed registered by the retailer.

What the researchers found was that an entity in New Delhi, India registered the fraudulent site and that its IP address (used in the past in phishing campaigns) is shared with other businesses in India.

Bolster also discovered less advanced gift card scams that may not fool most users because the imagery is different than what the retailer uses.

Survey scam with gift card bait

In another scam, fraudsters lure victims with the promise of getting a gift card if they fill in a survey. They choose popular brands like Amazon, Google, Pizza Hut, or Walmart.

Bolster found more than 1,000 sites baiting users in this way, with domains that follow the same pattern ([fakedomain]/​free-[brandname]​.html). This suggests that the same group may be behind all of them.

• liveoffer.online/​free-aliexpress-gift-cards[.]html
• liveoffer.online/​free-bathandbody-gift-cards[.]html
• gamer007.club/​free-forever21-gift-cards[.]html
• wepromocode.com/​free-amazon-gift-cards[.]html
• promohub.xyz/​free-google-play-gift-cards​[.]html
• real-giveaway.com/giftcard/​free-hbo-gift-cards​[.]html

Although filling in a survey may not appear too dangerous, there are risks. Apart from giving away personal information (name, address, phone number, email, date of birth, demographic data, spending habits, insurance, car, healthcare preferences), victims are also likely to incur financial damage.

Also Read: Letter of Consent MOM: Getting the Details Right

In some cases, victims need to agree to receive calls and marketing messages to get to the survey and the promised gift card.

In the end, what the victim gets is a never ending stream of surveys. And the scammers take a commission for each survey the victim completes.