Credit card scam targets online shoppers of over 100 websites

In News

Officials at Qihoo 360, a leading Chinese cybersecurity firm, have revealed an ongoing credit card scam that steals the card payment information of thousands of customers visiting leading e-commerce websites. Researchers discovered that attackers have been injecting malicious JS scripts hosted on a malicious domain, www.magento-analytics [.] com, onto online shopping websites.

The JavaScripts include a credit card skimming code that when executed on a site, automatically steals vital information, such as credit card owner’s name, card number, expiry date and CVV number.

The technique used by scammers here is familiar and exactly the exactly same as what the MageCart credit card hacking groups used in their recent attacks including Ticketmaster, British Airways and Newegg. However, there are no explicit links being made to the MageCart groups this time.

Company researchers noted that this malicious domain has been stealing credit card information for five months or longer, with over a hundred websites already affected. This number could be higher, they said.

This attack reinforces the need for website administrators to apply the latest updates and patches, limit privileges for critical systems and harden web servers. They are also strongly advised to make use of the Content Security Policy (CSP) that effectively allows strict control over what content is allowed on the website. Online shoppers, meanwhile, must review their credit card statements for any irregular activity, and report it to the bank.

Comments

You may also read!

Kaspersky in partnership with Area9 Lyceum unveils Kaspersky Adaptive Online Training

Kaspersky has unveiled its new Kaspersky Adaptive Online Training, developed in partnership with Area9 Lyceum. The solution generates a

Read More...

SentinelOne chosen as the official cybersecurity provider to Aston Martin Lagonda

SentinelOne has been announced as the official cybersecurity provider to British luxury car manufacturer, Aston Martin Lagonda, deploying the

Read More...

Tenable ranked number one for device vulnerability management for 2019

Tenable, Inc. today announced that it has been ranked #1 for device vulnerability management for 2019 market share in

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu