Major Retailers Facing GiftGhostBot Attacks Attempting to Defraud Consumers

San Francisco, CA – March 24, 2017– Distil Networks, Inc., the global leader in bot detection and mitigation, today announced that its analyst team has uncovered an Advanced Persistent Bot (APB) that targets gift card payments processes on websites. The bot, named GiftGhostBot, is attempting to defraud consumers from the money loaded on gift cards from a variety of retailers around the globe. Any website, from luxury retailers, to supermarkets, to major coffee distributors, with gift card processing capabilities could be a target. Distil has seen this attack on almost 1,000 customer websites.

Beginning on Feb 26, 2017, the Distil Networks Security Analyst team noticed increased bot activity on customer websites with gift card processing capabilities. Fraudsters are using malicious automation to test a rolling list of potential account numbers and requesting each balance. If successful in obtaining the balance, fraudsters can resell the account number on the dark web or use them to purchase goods. GiftGhostBots are being distributed across worldwide hosting providers, mobile ISPs, and data centers, executing JavaScript to avoid detection. On one customer website, the analyst team recorded 4 million bad bot requests per hour – nearly 10 times their normal level of traffic. On average, the operators of GiftGhostBot can test as many as 1.7 million gift card account numbers per hour.

“Like most sophisticated bot attacks, GiftGhostBot operators are moving quickly to evade detection, and any retailer that offers gift cards could be under attack at this very moment,” said Rami Essaid, CEO of Distil Networks. “While it is important to understand that retailers are not exposing consumers’ personal information, consumers should remain vigilant. Check gift card balances, contact retailers and ask for more information. In order to prevent resources from being drained, individuals and companies must work together to prevent further damage.”

GiftGhostBot has multiple features that confirm it is an APB:

  • It is lying about its identity by rotating user-agent strings.
  • It is heavily distributed across various hosting providers, mobile ISPs, and data centers all over the world.
  • It is technically sophisticated when it executes JavaScript, mimicking a normal browser.
  • It is persistent in that if it is blocked using one technique, it adapts and returns using a different attack technique.

Additional Resources

About Distil Networks
Distil Networks, the global leader in bot detection and mitigation, is the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. Distil protects against web scraping, brute force attacks, competitive data mining, online fraud, account hijacking, unauthorized vulnerability scans, spam, man-in-the-middle attacks, digital ad fraud, and downtime. Slash the high tax that bots place on your internal teams and web infrastructure and make your online applications more secure with API security, real-time threat intelligence, a 24/7 security operations center, and complete visibility and control over human, good bot, and bad bot traffic. For more information on Distil Networks, visit us at or follow @DISTIL on Twitter.