Online sellers and buyers are advised to be extra cautious when making transactions on the internet as web skimmers are at it again.
While eCommerce businesses and shoppers are busy preparing for the holidays, cybercriminals have found a new way to steal customers’ personal information like credit card details through a fraudulent payment service platform (PSP).
These skimmers would construct a page that looks exactly like a legit payments platform and wait for their unsuspecting victim to enter their payment details. Once they have collected the customer’s data, they are free to do whatever they wish to do with it.
Malware Attack via Phishing Site
A group of fraudsters that use a network of domain names to skim payment information on vulnerable sites was recently discovered by anti-malware software provider, Malwarebytes Labs.
According to the company, most of the domains were registered through the email address medialand.regru@gmail[.]com and come with a malicious ga.js file.
It further explained that the file is injected into compromised online shops by inserting a one-line piece of code containing the remote script in Base64 encoded form.
“One of several newly-registered domain names we came across had a skimmer that fit the same template, hosted at payment-mastercard[.]com/ga.js. However, one thing we noticed is that the payment-mastercard[.]com domain was also hosting a completely different kind of skimmer that at first resembled a phishing site.” – Malwarebytes Labs
The company was referring to a copycat of CommWeb, a payment gateway of Australia’s Commonwealth Bank, which targets an online store running on the PrestaShop eCommerce platform.
What’s alarming about the fraudulent site is its ability to validate the user’s information to make them think that they are indeed on a legit payments platform.
Don’t Be a Skimming Victim
The hackers did an excellent job at replicating the payments page of Commonwealth Bank’s website that no customer would have second thoughts about entering their payment details into the page.
Once the fake web page has obtained a customer’s information, the latter will be redirected to the real payment page and required to supply their payment information all over again, unaware that they have just been scammed.
To avoid falling victim to web skimming, always check the URL of the payments page you’re on, especially if you were redirected from a merchant’s site.
Also, make sure to take note of the following domains as they contain malware:
Have you ever been a victim of web skimming before? Let us know in the comments below or over in our Facebook Group.