Categories: Ad Guardian PlusNews

Skimming attack with phishing techniques

A new digital skimming attack borrows phishing techniques and steals card data from fake payments page. Attackers used the secure payment pages, from third-party payment service providers, and inserted digital skimming code. They used fake Google Analytics library (ga.js), according to Malwarebytes.

Director of threat intelligence, Jérôme Segura, discovered a fake payment-mastercard[.]com domain. This was “hosting a completely different kind of skimmer that at first resembled a phishing site.”

This skimmer is interesting because it looks like a phishing page copied from an official template for CommWeb, a payments acceptance service offered by Australia’s Commonwealth Bank,” he explained. “The attackers have crafted it specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”

Moreover, the fake payments page even alerts users if any fields they fill in are invalid.

After steeling victim’s details, they land on the real payment processor. The real Australian Commonwealth Bank site displayed along with the correct total amount due for purchase. This is possible by creating a unique session ID and reading browser cookies, Segura explained.

Externalizing payments shifts the burden and risk to the payment company such that even if a merchant site were hacked, online shoppers would be redirected to a different site (i.e. Paypal, MasterCard, Visa gateways) where they could enter their payment details securely,” he concluded.

Unfortunately, fraudsters are becoming incredibly creative in order to defeat those security defenses. By combining phishing-like techniques and inserting themselves in the middle, they can fool everyone.”

How the skimming attack works

The skimming attack is, thus, more dangerous than the previous ones. Here is the method it uses:  

  • The fake page collects the credit card data filled in by the victim. Then, it steals the data via the payment-mastercard rcard[.]com/ga.php?analytic={based64} URL.
  • Afterwards, the victim lands on the real payment processor.
  • In the end, the legitimate site for Australia’s Commonwealth Bank loads and displays the total amount due for the purchase.
Laurentiu Titei

View Comments

Leave a Comment
Share
Published by
Laurentiu Titei
Tags: cyber attackskimmingskimming attack
6 years ago

Recent Posts

Epson L5290 Driver Download and Install for Windows 11 and 10

Epson L5290 is recognized as a good all-in-one printer. This EcoTank printer is especially praised…

2 hours ago

Best Data Encryption Software for Windows 11/10

Data encryption software for Windows is one of the safest ways to prevent hackers and…

1 day ago

Best Antivirus Software for Windows 11/10 (Free and Paid)

While 2024 saw nearly 6.2 billion malware infections (mainly viruses), the number is projected to…

2 days ago

Best Online Virus Scanners for Windows Operating System

Did you know that roughly 17 million new malware (especially virus) infection instances are registered…

3 days ago

Top 13 Best Free Driver Updater Tools for Windows 10 and 11 in 2025

Are you on the lookout for the best free driver updater software? Look no further!…

3 days ago

CP2102 USB to UART Bridge Controller Driver Download and Install in Windows 10,11

The CP2102 driver is a connecting bridge between your computer and UART devices. It helps…

3 days ago