People give gifts all year round, but a whole boatload of presents are bought and sold especially during the Christmas and holiday seasons. The end-of-year holidays, unfortunately, also usher in the greatest number of gift card scams. But the world’s biggest brands are no longer newbies to the threat, which is why Amazon, iTunes, and Target, among many others, have put up pages where scam victims can report malicious sites and pages.
We collated a list of web properties that consumers looking to purchase gift cards for family and friends should be wary of. We dug deeper into the 1,339 domains and 863 subdomains containing the string “gift + card” obtained from Domains & Subdomains Discovery and found that:
Note that we limited our dataset to domains and subdomains registered between 1 September and 21 December 2021. Why? Because many people begin buying gifts at this time.
As part of our ongoing effort to enable cybersecurity analysts and researchers to further their studies, we collated all pertinent data and made it available to anyone interested. You may download the related threat research materials here.
First, we scrutinized the 1,339 domains and found that at least 127 of them featured the names of global brands, such as Visa, Target, and Amazon. The chart below shows the abused brands and their respective domain volumes. Note that we only included the domains that spelled the brand names correctly.
The table below shows examples of domains for each of the top 10 abused brands.
Ranking | Brand Name | Sample Domain from the Dataset |
---|---|---|
1 | Visa | giftcardmallmygift-visagiftcardbalance[.]com |
2 | Target | targetcardgift[.]com |
3 | Amazon | amazon-egiftcard[.]com |
4 | Apple/iTunes | applegiftcards[.]ph getitunesgiftcard[.]ph |
5 | Shein | giftcard-shein[.]site |
6 | Walmart | walmartgifttcard[.]com |
7 | Chrome/Gmail/Google/Google Play | chromegiftcard[.]com giftcardgmail[.]com giftcard-google[.]com 123googleplaygiftcard[.]ph |
8 | Bitcoin | bitcoin-gift[.]cards |
9 | Nike | nikegiftcardforbusiness[.]com |
10 | Xbox | xboxgiftcard[.]ml |
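
The brand count described above can be reproduced for brand-monitoring triage with a short script. This is an added example, not code from the original research: it assumes "gift + card" means both strings occur anywhere in the name, uses plain substring matching for correctly spelled brand names, and includes three constructed `.example` names alongside the table's sample domains.

```python
from collections import defaultdict

# Brand groups from the table above; aliases are correctly spelled, lowercase.
BRANDS = {
    "Visa": ["visa"], "Target": ["target"], "Amazon": ["amazon"],
    "Apple/iTunes": ["apple", "itunes"], "Shein": ["shein"], "Walmart": ["walmart"],
    "Chrome/Gmail/Google/Google Play": ["chrome", "gmail", "google"],
    "Bitcoin": ["bitcoin"], "Nike": ["nike"], "Xbox": ["xbox"],
}
# Sample domains copied from the table (kept defanged, never resolved).
TABLE_DOMAINS = """giftcardmallmygift-visagiftcardbalance[.]com targetcardgift[.]com
amazon-egiftcard[.]com applegiftcards[.]ph getitunesgiftcard[.]ph giftcard-shein[.]site
walmartgifttcard[.]com chromegiftcard[.]com giftcardgmail[.]com giftcard-google[.]com
123googleplaygiftcard[.]ph bitcoin-gift[.]cards nikegiftcardforbusiness[.]com
xboxgiftcard[.]ml""".split()
# Constructed names (not from the dataset) that exercise the edge cases.
CONSTRUCTED = [
    "amaz0n-giftcard[.]example",  # misspelled brand: excluded from the brand count
    "target-coupons[.]example",   # brand present, but not a gift card name
    "visagegiftcard[.]example",   # "visage" contains "visa": needs analyst review
]

def normalize(defanged):
    """Lowercase a defanged name and restore plain dots, for string matching only."""
    return defanged.strip().lower().replace("[.]", ".")

def is_gift_card_name(name):
    # Assumption: both strings may occur anywhere in the full name. The TLD
    # counts, otherwise bitcoin-gift.cards would be missed.
    return "gift" in name and "card" in name

def triage(domains):
    """Group gift card names by brand; return (by_brand, unbranded)."""
    by_brand, unbranded = defaultdict(list), []
    for defanged in domains:
        name = normalize(defanged)
        if not is_gift_card_name(name):
            continue
        label = name.rsplit(".", 1)[0]  # search brands before the TLD only
        brands = [b for b, al in BRANDS.items() if any(a in label for a in al)]
        for b in brands:
            by_brand[b].append(defanged)
        if not brands:
            unbranded.append(defanged)
    return dict(by_brand), unbranded

if __name__ == "__main__":
    by_brand, unbranded = triage(TABLE_DOMAINS + CONSTRUCTED)
    for brand, names in sorted(by_brand.items(), key=lambda kv: -len(kv[1])):
        print(f"{len(names):2d}  {brand}: {', '.join(names)}")
    print("no correctly spelled brand:", unbranded)
```

Substring matching over-counts short brand names, as the constructed `visagegiftcard[.]example` shows, so hits on short aliases should be reviewed before they are reported as brand abuse.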
A bulk malware check via Threat Intelligence Platform (TIP) revealed that 41 of the domains in our dataset are dubbed “dangerous” by one or more malware engines. Examples include:
Access to these malicious domains should be prevented by blocking them. Where possible, we queried the dangerous web properties on DNS Lookup, which revealed that they resolved to seven unique IP addresses, namely:
Reverse IP lookups for the IP addresses showed that each hosted at least 300 domains, which indicates that they are probably part of shared hosting services. Examples include:
That said, seventeen of the additional domains that resolved to the same IP addresses as the malicious domains were also dubbed “dangerous” by various malware engines. They are (site descriptions based on screenshot lookups):
We then looked more closely at the 863 subdomains and found that four of these should especially be avoided since they are malicious. The dangerous subdomains are:
As we’ve seen in this post, there is definitely more to gift card sites (even if they look real because they bear popular brand names) than meets the eye. Users looking to purchase gift cards for their loved ones should heed the advice of the Federal Trade Commission (FTC)—stick to stores (or, in this case, store sites) they know and trust. And if you do end up getting defrauded, report the abuse to the authorities.
If you wish to perform a similar investigation, please don’t hesitate to contact us. We’re always on the lookout for potential research collaborations.