Credit card scam targets online shoppers of over 100 websites


Officials at Qihoo 360, a leading Chinese cybersecurity firm, have revealed an ongoing credit card scam that steals the card payment information of thousands of customers visiting leading e-commerce websites. Researchers discovered that attackers have been injecting malicious JavaScript, hosted on a malicious domain, www.magento-analytics [.] com, into online shopping websites.

The scripts contain credit card skimming code that, when executed on a site, automatically steals vital information such as the card owner's name, card number, expiry date and CVV number.

The technique used by the scammers is familiar: it is exactly the same as the one the MageCart credit card hacking groups used in their recent attacks, including those on Ticketmaster, British Airways and Newegg. However, no explicit links are being made to the MageCart groups this time.

Company researchers noted that this malicious domain has been stealing credit card information for five months or longer, with over a hundred websites already affected. This number could be higher, they said.

This attack reinforces the need for website administrators to apply the latest updates and patches, limit privileges for critical systems and harden web servers. They are also strongly advised to make use of a Content Security Policy (CSP), which allows strict control over what content is allowed to load on the website. Online shoppers, meanwhile, must review their credit card statements for any irregular activity and report it to their bank.
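To illustrate the CSP advice above, here is an added example (not from Qihoo 360 or the original article) that checks whether a given policy would let a browser load a script from a third-party host. It is a simplified model of `script-src` matching; the hostnames and policies are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: simplified CSP check for external scripts (not a full CSP engine).
// Port and path parts of a source expression are ignored; nonces/hashes are not modelled.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    // Per CSP, the first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values);
    }
  }
  return directives;
}

function matchesSource(src, pageOrigin, url) {
  if (src === '*') return true;
  if (src === "'self'") return url.origin === pageOrigin;
  if (src.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces, hashes
  if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return url.protocol === src.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(src);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ':') return false;
  const h = host.toLowerCase();
  // "*.shop.example" matches subdomains only, not "shop.example" itself.
  return wildcard ? url.hostname.endsWith('.' + h) : url.hostname === h;
}

function scriptAllowed(header, pageOrigin, scriptUrl) {
  const csp = parseCsp(header);
  const sources = csp.get('script-src') || csp.get('default-src');
  if (!sources) return true; // no governing directive: the browser blocks nothing
  const url = new URL(scriptUrl);
  return sources.some((src) => matchesSource(src, pageOrigin, url));
}

// Constructed sample values: a shop, its payment provider, and a third-party script host.
const SHOP = 'https://shop.example';
const SKIMMER = 'https://cdn.skimmer.example/checkout.js';
const WEAK = "default-src 'self'; script-src 'self' https: 'unsafe-inline'";
const STRICT = "default-src 'self'; script-src 'self' https://js.payments.example";

console.log('weak policy allows third-party script:', scriptAllowed(WEAK, SHOP, SKIMMER));
console.log('strict policy allows third-party script:', scriptAllowed(STRICT, SHOP, SKIMMER));
```

A candidate policy can be trialled in browsers with the `Content-Security-Policy-Report-Only` header before it is enforced.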
