Every time buying online is something more common in the day-to-day life of Internet users. In that aspect, there are many services and platforms that we can use. However, not all of them are safe and our data is not always safe, especially those of the means of payment. Now, although it is usual for our data to be safe, there are still security problems. In this regard, there are many scams on the network that can affect us and for which we must take precautions. Some of them even affect legitimate shopping websites whose payment methods are attacked by cybercriminals. In this article we are going to talk about pages hacked by credit card thieves for months.
They steal thousands of credit cards
Credit card thieves take advantage of the holidays and big shopping events to prepare for their scams. So it is not surprising that some of his favorite times are Black Friday, the Christmas period and that of the January sales.
However, a worrisome fact should be noted, and that is credit card theft attacks that remain undetected for months as customer payment information is stolen.
One of them is Magecart skimming, which we can define as an attack that involves the injection of malicious JavaScript code into the target web page. Then it waits for the customer to pay and runs when the visitor is on the payment page. This code is capable of stealing details of the means of payment such as the credit card number, the holder’s name, their addresses and the CVV. After extracting all the information, it is sent to the credit card thieves.
Cybercriminals can use this information to:
- Buying products over the Internet.
- Selling the data to other scammers in underground forums and dark web marketplaces known as card sites.
You may be interested in some tips to buy safely on the Internet and avoid fraud.
Shopping pages hacked for months
Akamai researchers in October 2021 discovered a Magecart attack against SCUF Gaming International. This company is a leading manufacturer of custom PC and console controllers. Upon investigation, it was discovered that credit card thieves had obtained the financial details of 32,000 people.
They then investigated further, and analysts discovered that the same actor responsible for the attack on SCUF was operating an extensive network of credit card thieves who stole credit card details from various websites. These are the affected online shopping web pages:
- whitemountainshoes.com – Shoes and footwear.
- goldboutique.com – Jewelry.
- nafnaf.com – Fashion clothing.
- schlafstaette.de – Sleeping products.
- proaudiostar.com – Professional audio equipment.
- truebrands.com – Professional Beverage Accessories.
- loudmouth.com – Clothing and specialty garments.
The Akamai report also revealed new details such as:
- They found that the skimmer’s command and control (C2) server responds with clean code when running on non-responsive pages.
- The skimmer only sends the malicious code if it runs on the payment pages, which is when the credit card thieves obtain the information they are interested in.
- Magecart actors registered different skimming domain for each target web page.
- If they were discovered they deactivated that domain and the frauds continued on other pages.
Tips during shopping time
One of the things we have to learn is to detect if a page is reliable before buying. For example, one of the things to check is the URL and verify that it is HTTPS and has the padlock icon.
Skimmer detection is the responsibility of the owners of the Internet shopping website . However, that does not prevent users from taking measures to protect ourselves such as:
- Keep the operating systems of our equipment updated and have security software.
- Pay with electronic methods instead of cards.
- Better to use virtual-prepaid card solutions.
- If it is possible to make the payment against reimbursement.
Finally, in the hypothetical case of having bought in any of these sites or if we ever find ourselves in that situation, it is advisable to call our bank and request a replacement card.