
Online Credit Card Skimming on a Continual Rise – Here's How to Prevent it


Credit card skimming was already on the rise before the pandemic, and the trend is likely to continue in the near future: online shopping has jumped dramatically because of the confinement measures imposed in various nations, giving cybercriminals more opportunities to exploit than ever.

Web skimming, popularly known by the 'Magecart' moniker, is the practice of compromising online stores and stealing payment card data in the process. In March, web skimming rose by 26%, according to data from Malwarebytes Labs.

Credit card skimming is a form of credit card theft where crooks steal victims' credit card credentials and other sensitive information through a skimmer, a small device built to steal information stored on credit cards when victims carry out transactions at ATMs. Lately, the term has been expanded to include malicious code that targets payment card data entered on e-commerce websites during purchases. By either means, hardware or software, skimming pursues the same goal: performing fraudulent transactions with the stolen data.

As various nations upgraded their cybersecurity by moving to chip-enabled cards, crooks have continually adopted new and more sophisticated methods to avoid detection. Certain skimming devices, known as "deep-insert" skimmers, are designed to fit into the card reading slot. They are intended to read data from the chips on chip-enabled cards.

Consumers are advised to stay extra cautious, as there is more than one way to fall into the skimming trap. Security experts recommend looking for signs of tampering, such as pieces of metal or plastic that seem out of place, strange holes, or components that are not in alignment with the rest of the ATM.

To prevent online skimming, there is not much consumers can do directly, as they can't control the affected software. However, they can regularly monitor their card statements for unauthorized transactions. They can use virtual card numbers for online purchases if their bank offers them, or pay with their smartphones: services such as Google Pay and Apple Pay use tokenization, replacing the real number with a virtual one, which protects the real number by never exposing it. Another way to stay safe is to use an alternative e-wallet service like PayPal.

Recent skimming attacks include a data breach disclosed by Warner Music Group and the American Payroll Association's report that cybercriminals installed skimming malware on the login page of their website, as well as the checkout section, by exploiting a vulnerability in the company's CMS. Magecart skimmers also employ Telegram as a means of sending stolen credentials back to their C2 servers.

Hackers Use a Fake Image Hosting Website as a Decoy to Launch E-Skimming Attacks


In what is said to be one of the most creative hacking techniques to date, a group of hackers built a fake image hosting website to disguise their web skimming operations. The aim is to deploy malicious code that steals payment card credentials from users via infected websites. Cybersecurity experts refer to this technique as e-skimming, web skimming, or a Magecart attack. In this kind of operation, the hackers attack a website and insert malicious code into its webpages.


The malicious code steals payment credentials when users enter their details in the checkout form. Skimming attacks have been on the rise for the last four years. Cybersecurity experts have become better at identifying web skimming attacks, but so have the hackers, who keep coming up with more sophisticated techniques.

Hackers used a fake image hosting website

According to a report published by Malwarebytes, a US-based cybersecurity firm, the experts have discovered a new group of hackers that has taken this technique to a whole different level. The group, according to Malwarebytes, was found while the experts were investigating a range of unfamiliar cyberattacks. In the investigation, the experts noticed that only the favicon, the logo icon displayed on browser tabs, was modified on the website. "This latest case started with an image file displayed on the browser's tab often used for branding or identifying a website, also known as a favicon. While reviewing our crawler logs, we noticed requests to a domain called myicons[.]net hosting various icons and, in particular, favicons. Several e-commerce sites were loading a Magento favicon from this domain," says the Malwarebytes report.

The hackers behind this attack certainly went the extra mile, as the code was hidden in a sophisticated way. But web skimming attacks are bound to be found sooner or later. "Given the decoy icons domain registration date, this particular scheme is about a week old but is part of a more significant number of ongoing skimming attacks. The goal remains to deceive online shoppers while staying under the radar from website administrators and security scanners," says Malwarebytes.
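The sign described in the report, a store loading its favicon from an unrelated icon-hosting domain, is something a site administrator can check for. The following is an added example, not code from Malwarebytes or from the original post; the function name, host names and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# rel tokens that mark a <link> as a site icon ("shortcut icon" contains "icon")
ICON_RELS = {"icon", "apple-touch-icon", "mask-icon"}


class _IconLinks(HTMLParser):
    """Collects icon <link> hrefs and the first <base href>, if any."""

    def __init__(self):
        super().__init__()
        self.base = None
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "link" and ICON_RELS & set(a.get("rel", "").lower().split()):
            if a.get("href"):
                self.hrefs.append(a["href"].strip())


def external_favicons(page_url, html, allowed_hosts=()):
    """Return (href, host) for each icon served from a host that is neither
    the page's own host nor on the allowlist."""
    parser = _IconLinks()
    parser.feed(html)
    base = urljoin(page_url, parser.base) if parser.base else page_url
    trusted = {urlsplit(page_url).hostname, *(h.lower() for h in allowed_hosts)}
    findings = []
    for href in parser.hrefs:
        # Resolves relative and protocol-relative URLs; data: URIs have no host.
        host = urlsplit(urljoin(base, href)).hostname
        if host and host not in trusted:
            findings.append((href, host))
    return findings


# Constructed sample page: one icon comes from an unrelated third-party host.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://static.shop.example/app.css">
<link rel="shortcut icon" href="//icons-host.example/magento/favicon.png">
<link rel="apple-touch-icon" href="/media/touch.png">
<link rel="icon" href="https://static.shop.example/favicon.ico">
</head><body></body></html>"""

if __name__ == "__main__":
    for href, host in external_favicons("https://shop.example/checkout",
                                        SAMPLE_HTML, ["static.shop.example"]):
        print(f"review: favicon loaded from {host} ({href})")
```

A finding is a lead for review rather than proof of compromise; the useful question is whether anyone on the team added that host on purpose.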