Beware of New Web Skimming Tactic


Online sellers and buyers are advised to be extra cautious when making transactions on the internet as web skimmers are at it again.

While eCommerce businesses and shoppers are busy preparing for the holidays, cybercriminals have found a new way to steal customers’ personal information like credit card details through a fraudulent payment service platform (PSP).

These skimmers would construct a page that looks exactly like a legit payments platform and wait for their unsuspecting victim to enter their payment details. Once they have collected the customer’s data, they are free to do whatever they wish to do with it.

Malware Attack via Phishing Site

A group of fraudsters that use a network of domain names to skim payment information on vulnerable sites was recently discovered by anti-malware software provider, Malwarebytes Labs.

credit cardAccording to the company, most of the domains were registered through the email address medialand.regru@gmail[.]com and come with a malicious ga.js file.

It further explained that the file is injected into compromised online shops by inserting a one-line piece of code containing the remote script in Base64 encoded form.

“One of several newly-registered domain names we came across had a skimmer that fit the same template, hosted at payment-mastercard[.]com/ga.js. However, one thing we noticed is that the payment-mastercard[.]com domain was also hosting a completely different kind of skimmer that at first resembled a phishing site.” – Malwarebytes Labs

The company was referring to a copycat of CommWeb, a payment gateway of Australia’s Commonwealth Bank, which targets an online store running on the PrestaShop eCommerce platform.

What’s alarming about the fraudulent site is its ability to validate the user’s information to make them think that they are indeed on a legit payments platform.

Don’t Be a Skimming Victim

The hackers did an excellent job at replicating the payments page of Commonwealth Bank’s website that no customer would have second thoughts about entering their payment details into the page.

Once the fake web page has obtained a customer’s information, the latter will be redirected to the real payment page and required to supply their payment information all over again, unaware that they have just been scammed.

To avoid falling victim to web skimming, always check the URL of the payments page you’re on, especially if you were redirected from a merchant’s site.

Also, make sure to take note of the following domains as they contain malware:

● payment-mastercard[.]com
● google-query[.]com
● google-analytics[.]top
● google-smart[.]com
● google-payment[.]com
● jquery-assets[.]com
● sagepay-live[.]com
● google-query[.]com
● payment-sagepay[.]com
● payment-worldpay[.]com
● 124.156.34[.]157
● 47.245.55[.]198
● 5.53.124[.]235

Have you ever been a victim of web skimming before? Let us know in the comments below or over in our Facebook Group.

For almost 10 years Dave has been involved with eCommerce with a particular interest in the marketplaces and the huge opportunities available for sellers when utilizing a multi-channel strategy. After a year of being the UK’s youngest eCommerce consultant it was the opportunity to start UnderstandingE with Matt Ogborne showing the world how to utilize Magento as the Third Generation of Multi-Channel software. Dave also recently started a YouTube channel called the Manc Entrepreneur (click YouTube icon link below to watch Dave's videos) where he discusses all things eCommerce and entrepreneurship aimed to help young entrepreneurs get started on their own journey. When Dave isn’t working his main interests include, Technology, Cars and throwing himself off high things into water.


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.