A new digital skimming attack borrows phishing techniques and steals card data from fake payments page. Attackers used the secure payment pages, from third-party payment service providers, and inserted digital skimming code. They used fake Google Analytics library (ga.js), according to Malwarebytes.
Director of threat intelligence, Jérôme Segura, discovered a fake payment-mastercard[.]com domain. This was “hosting a completely different kind of skimmer that at first resembled a phishing site.”
“This skimmer is interesting because it looks like a phishing page copied from an official template for CommWeb, a payments acceptance service offered by Australia’s Commonwealth Bank,” he explained. “The attackers have crafted it specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”
Moreover, the fake payments page even alerts users if any fields they fill in are invalid.
After steeling victim’s details, they land on the real payment processor. The real Australian Commonwealth Bank site displayed along with the correct total amount due for purchase. This is possible by creating a unique session ID and reading browser cookies, Segura explained.
“Externalizing payments shifts the burden and risk to the payment company such that even if a merchant site were hacked, online shoppers would be redirected to a different site (i.e. Paypal, MasterCard, Visa gateways) where they could enter their payment details securely,” he concluded.
“Unfortunately, fraudsters are becoming incredibly creative in order to defeat those security defenses. By combining phishing-like techniques and inserting themselves in the middle, they can fool everyone.”
The skimming attack is, thus, more dangerous than the previous ones. Here is the method it uses:
Epson L3150 is a highly efficient all-in-one solution for wireless printing. This wireless EcoTank printer…
Windows creates files called prefetch files when you load an application for the first time.…
Did you know that the computer gaming industry is a massive market with revenue estimated…
The Epson L121 printer is a reliable printing machine recognized for its fast print speed…
Does the music on your computer not sound the way it should? Then, you need…
Did you know that over 10.5% of adults across the globe have diabetes? While that…
View Comments