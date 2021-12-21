However, it is necessary to point out a worrying fact, and that are the Credit card theft attacks that go undetected for months as customers’ payment information is stolen.

Credit card thieves take advantage of the holidays and big shopping events to prepare for their scams. So it is not surprising that some of his favorite times are Black Friday, the Christmas period and that of the January sales.

One of them is the skimming by Magecart We can define it as an attack that involves the injection of malicious JavaScript code into the target web page. Then it waits for the customer to pay and runs when the visitor is on the payment page. This code is capable of stealing details of the means of payment such as the credit card number, the holder’s name, their addresses and the CVV. After extracting all the information, it is sent to the credit card thieves.

Cybercriminals can use this information to:

Buying products over the Internet. Selling the data to other scammers in underground forums and dark web marketplaces known as card sites.

You may be interested in some tips to buy safely on the Internet and avoid fraud.

Shopping pages hacked for months

Akamai researchers in October 2021 discovered a Magecart attack against SCUF Gaming International. This company is a leading manufacturer of custom PC and console controllers. Upon investigation, it was discovered that credit card thieves had obtained the financial details of 32,000 people.

They then investigated further, and analysts discovered that the same actor responsible for the attack on SCUF was operating an extensive network of credit card thieves who stole credit card details from various websites. These are the affected online shopping web pages:

whitemountainshoes.com – Shoes and footwear.

goldboutique.com – Jewelry.

nafnaf.com – Fashion clothing.

schlafstaette.de – Sleeping products.

proaudiostar.com – Professional audio equipment.

truebrands.com – Professional Beverage Accessories.

loudmouth.com – Clothing and specialty garments.

The akamai report also revealed new details such as:

They found that the skimmer’s command and control (C2) server responds with clean code when running on non-responsive pages. The skimmer only sends the malicious code if it runs on the payment pages, which is when the credit card thieves obtain the information they are interested in. Magecart actors registered different skimming domain for each target web page. If they were discovered they deactivated that domain and the frauds continued on other pages.

Tips during shopping time

One of the things we have to learn is to detect if a page is reliable before buying. For example, one of the things to check is the URL and verify that it is HTTPS and has the padlock icon.

On the part the skimmer detection is responsibility of the owners of the Internet shopping website. However, that does not prevent users from taking measures to protect ourselves such as:

Keep the operating systems of our equipment updated and have security software.

Pay with electronic methods instead of cards.

Better to use virtual-prepaid card solutions.

If it is possible to make the payment against reimbursement.

Finally, in the hypothetical case of having bought in one of these sites or if we are ever in that situation, it is advisable to call our bank and request a replacement card.