Security researchers identify growth in the use of an ongoing cyberskimming campaign that involves compromising legitimate website checkout code.
We’ve all seen a video that shows someone fidgeting with a credit card terminal, only to pull off a very realistic molded cover that looks identical to the actual device beneath it, complete with its own circuitry to read and store credit card swipes. Now take that very same idea and put it into the digital world.
What would a digital skimmer look like? According to security researchers at Malwarebytes earlier this year, it appears as benign code within legitimate webstore checkout code. A recent news release from Malwarebytes states they’re now seeing 50% higher instances of this mode of attack in just a single month, “demonstrating a huge uptick in both compromised sites and opportunity for innocent shoppers to fall victim.”
The problem here is that online shoppers – like their gas station skimmer counterparts in the real world – won’t know or suspect anything until that unauthorized charge comes through some time later. Plus, you won’t know where the breach of your credit card data occurred.
But this attack speaks to a much larger issue: cybercriminals are getting really good at injecting code into a legitimate checkout process and can do whatever they want. That means it’s possible to see this kind of attack expand to include launching infostealers, leveraging social engineering through ads on the checkout pages, and more, all to obtain more from the potential victim than just their credit card.
So, while you can’t do much to stop yourself from becoming a victim of digital skimming, you can still remain vigilant when online – something taught continually in new-school security awareness training – to reduce the likelihood of becoming a victim this holiday season.