Rogue ads are a problem-causing menace which can strike in many ways. Malvertising often uses a combination of exploits to drop malware. Phishing campaigns get the job done with social engineering and bogus websites. This particular incident is an example of the latter, and a good reminder to be cautious when clicking.

Shall we take a look?

Balancing your gift cards

A Reddit user reports seeing an advert related to gift card balance searches. You may have been given a gift card at some point, but what you may not realise is that you can check the balance of a card online. Some cards can be topped up, which might make it even harder to remember how much you have. Very handy if you’re out and about and the cash value isn’t written down somewhere!

“Please submit your details”

The ad, which claims to let visitors “check their gift card balance”, rang a few alarm bells for the Reddit user. For one thing, the website’s domain seemed to be related to van hire. This isn’t, typically, what you’d expect to find in a gift card search.

The page, sporting a Target logo and banner at the top, asks visitors to check their balance via an entry form. It says:

Gently remove the metallic strip on the back of your gift card to reveal both the card and the access numbers”.

Some people who tried the site out reported that it redirected them to the real Target page after hitting the submit button.

The site in question now resolves to a 404 error. It’s likely the site was compromised, with the bogus card check page added in afterwards.

But there are still many other examples of these sites online.

Digging into a card submission

There’s a few different examples of sites posted to the Reddit comment thread, all of which are now currently offline, likely due to multiple webhost reports. They use branding from multiple big name corporations, with incredibly long descriptions on how to check your balance. Much of it is clearly cut and pasted from somewhere else, to the extent that some also reference Amazon and McDonalds cards further down the page. This is designed to try and game SEO rankings on search engines, but all they really care about is having you click the redeem code button.

Clicking through on these kind of sites takes visitors to replicas of the balance check function on the real Target website, like so:

Like the page hosted on the van hire portal, the forms take submitted gift card/access numbers, then redirect to the genuine Target page.

Tips to avoid losing your gift card balance

With Christmas and New Year fading into the distance, there’ll be a lot of people with gift card balances waiting to be spent. No doubt many will want to check their balances at short notice. All it’ll take to be potentially parted with their credit is a few hurried searches and a bogus website.

If this sounds familiar, you may wish to take some steps to mitigate the threat. Here’s some general tips:

  • Don’t open emails from senders you are not familiar with.
  • Don’t click on a link inside an email unless you know exactly where it is going.
  • To layer that protection, if you get an email from a source you are unsure of, navigate to the provided link manually by entering the legitimate website address into your browser.
  • Just because a website is HTTPs, does not guarantee a site’s legitimacy. It’s easier than ever to set up a free HTTPs certificate, which is why manually navigating to websites is important.
  • As you’ll likely check balances at short notice on your mobile, it’s worth finding official card pages now. Save them as bookmarks in your browser.
  • There are many balance check sites out there and it’s not easy to figure out which ones are legit. Some deal with one card specifically, while others allow you to check multiple cards in one go. We’ve seen balance check sites which may well be genuine, but no link from the parent site seems to exist to it. So go to the official website of the service you’re using, and ask customer support where you can check balances.

All of these tips combined will help you avoid gift card scams.