Online Shoppers at Risk as Magecart Skimming Hits Major Payment Networks

In recent years, online shoppers have faced increasing threats from cybercriminals, particularly through a technique known as Magecart skimming. This method has been targeting several major payment providers, including American Express, Diners Club, Discover, and Mastercard. Understanding Magecart and the associated risks is crucial for both consumers and e-commerce businesses.

What is Magecart?

Magecart is an umbrella term that refers to a group of criminal organizations specializing in stealing payment data from online checkout pages. This is accomplished using malicious JavaScript, a technique commonly known as web skimming. Initially, Magecart targeted Magento-based web stores, but over time, it has expanded its reach to include various e-commerce platforms.

How Magecart Attacks Work

In a typical Magecart attack, cybercriminals inject JavaScript into legitimate checkout pages. This malicious code captures sensitive payment information, including card numbers, expiration dates, card verification codes (CVC), and personal details as shoppers enter them. The data is then sent directly to the attackers.

Researchers have tracked a Magecart campaign that has been active since early 2022. This campaign has targeted a vast network of domains related to credit card skimming operations, affecting multiple major payment network providers. The attackers exploit vulnerabilities in supply chains, third-party scripts, or the websites themselves to plant web skimmers.

Characteristics of Magecart Skimmers

Web skimmers are designed to hook into the checkout process using JavaScript. They are often heavily obfuscated, making them difficult to detect. Some skimmers even have self-destruct routines that remove them from the page after they have captured the necessary data, which can mislead investigations conducted through administrative sessions.

Moreover, attackers utilize bulletproof hosting services to maintain a stable environment for their operations. Bulletproof hosting refers to web hosting services that deliberately ignore abuse complaints and takedown requests, providing a safe haven for cybercriminals.

Impact on Stakeholders

Magecart campaigns affect three primary groups: customers, merchants, and payment providers. Because web skimmers operate within web browsers, they can bypass many traditional server-side fraud controls, making it challenging for merchants and payment providers to detect and mitigate these threats.

While shoppers cannot directly fix compromised checkout pages, they can take proactive steps to reduce their exposure to fraud and improve their chances of spotting it early.

How to Stay Safe from Magecart Attacks

Here are some essential tips for online shoppers to protect themselves against Magecart skimming:

• Use Virtual or Single-Use Cards: For online purchases, consider using virtual or single-use credit cards. This limits the lifetime and spending scope of any skimmed card number.
• Enable Transaction Alerts: Turn on transaction alerts via SMS, email, or app push notifications for card activity. Regularly review your statements to spot any unauthorized charges quickly.
• Use Strong, Unique Passwords: Ensure that you use strong and unique passwords for your bank and card portals. This helps prevent attackers from easily pivoting from stolen card data to full account takeovers.
• Use Web Protection Solutions: Employ web protection solutions that can help avoid connecting to known malicious domains. For instance, Malwarebytes Browser Guard is a free tool that blocks harmful sites and scripts.

Conclusion

As online shopping continues to grow, so do the tactics used by cybercriminals like those in Magecart operations. It is vital for both consumers and merchants to remain vigilant and proactive in safeguarding their sensitive information. By following the recommended safety measures, shoppers can significantly reduce their risk of falling victim to these types of attacks.

Frequently Asked Questions

Note: Staying informed about the latest cybersecurity threats and adopting preventive measures is crucial for online safety.