Security News > 2021 > September > Brute-Force Attacks Target Inboxes for Gift Card Data
Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found.
"Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value," the researcher told Krebs, according to the post.
IMAP is the email standard used by email software clients like Mozilla's Thunderbird and Microsoft Outlook-checks the email credentials to see if they are legitimate.
These reward programs are attractive because the accounts can be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value, Bill told Krebs, according to the post.
Threat actors even will use the credentials to seek new gift card benefits on behalf of victims, if that option is available, he said.
"The fraud can be at the end of the funnel - that is, the exploitation happens elsewhere - in this case the email provider - but the damage is done on an unrelated site where the gift card is redeemed."