Credit card scam targets online shoppers of over 100 websites


Officials at Qihoo 360, a leading Chinese cybersecurity firm, have revealed an ongoing credit card scam that steals the card payment information of thousands of customers visiting leading e-commerce websites. Researchers discovered that attackers have been injecting malicious JavaScript, hosted on a malicious domain, www.magento-analytics[.]com, into online shopping websites.

The scripts include credit card skimming code that, when executed on a site, automatically steals vital information such as the card owner’s name, card number, expiry date and CVV number.

The technique used by the scammers is familiar: it is exactly the same as the one the MageCart credit card hacking groups used in their recent attacks, including those on Ticketmaster, British Airways and Newegg. However, no explicit links are being made to the MageCart groups this time.

Company researchers noted that this malicious domain has been stealing credit card information for five months or longer, with over a hundred websites already affected. This number could be higher, they said.

This attack reinforces the need for website administrators to apply the latest updates and patches, limit privileges for critical systems and harden web servers. They are also strongly advised to use a Content Security Policy (CSP), which allows strict control over what content is allowed on the website. Online shoppers, meanwhile, must review their credit card statements for any irregular activity and report it to their bank.
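An added example (not from the original article or the Qihoo 360 research): a simplified JavaScript model of how a script URL is matched against a CSP `script-src` list, comparing no policy, a permissive policy and a strict allowlist. The hosts `shop.example`, `cdn.shop.example` and `skimmer.example` and all function names are constructed for illustration.

```javascript
// Simplified model of CSP script-src matching (added example).
// Handles 'self', *, scheme sources and host sources;
// ignores nonces, hashes, ports, paths and 'strict-dynamic'.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  return directives;
}

function scriptAllowed(header, pageUrl, scriptUrl) {
  const d = parseCsp(header);
  const sources = d.get('script-src') ?? d.get('default-src');
  if (sources === undefined) return true; // no governing directive, nothing blocked
  const target = new URL(scriptUrl);
  const page = new URL(pageUrl);
  return sources.some((src) => {
    if (src === "'self'") return target.origin === page.origin;
    if (src.startsWith("'")) return false; // 'none' and other keywords never match a URL here
    if (src === '*') return /^(https?|wss?):$/.test(target.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return target.protocol === src;
    const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)/);
    if (!m) return false;
    const [, scheme, wildcard, host] = m;
    if (scheme && target.protocol !== scheme + ':') return false;
    return wildcard ? target.hostname.endsWith('.' + host) : target.hostname === host;
  });
}

// Constructed sample values: shop.example is the store, skimmer.example
// stands in for the third-party host serving the injected script.
const PAGE = 'https://shop.example/checkout';
const SKIMMER = 'https://skimmer.example/ga.js';
const POLICIES = {
  none: '',
  weak: "default-src 'self'; script-src * 'unsafe-inline'",
  strict: "default-src 'none'; script-src 'self' https://cdn.shop.example",
};

function report() {
  return Object.fromEntries(
    Object.entries(POLICIES).map(([k, p]) => [k, scriptAllowed(p, PAGE, SKIMMER)]));
}
console.log(report());
```

An allowlist only blocks hosts it does not name, so a skimmer placed in a first-party file or on an allowlisted host still loads.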

