MICROSOFT has flagged a malware program that steals your credit card information.
The company reported that the latest techniques employed by hackers are more subtle than past card skimming schemes.
2
2
Web skimming is a hacking term for using code to scan a webpage for payment information.
Microsoft said that web skimming attempts are normally deployed against browser platforms like “Magento, PrestaShop and WordPress” because of their widespread use and connection to e-commerce.
In November 2021, a malicious bug was planted into a Magento server that would automatically search for the terms “checkout” and “one page” in search of credit card data.
The FBI said hackers were “sending the scraped data to an actor-controlled server that spoofed a legitimate card processing server.”
The latest version of the scam involves writing a “PHP script” into the server.
The bit of code will sit silently and idly until it has determined the site’s administrators are not logged in, according to ZDNet.
“Based on previous similar attacks, we believe that the attacker used a PHP ‘include’ expression to include the image (that contains the PHP code) in the website’s index page, so that it automatically loads at every webpage visit,” Microsoft wrote in a cybersecurity blog post.
“The impact of web skimming campaigns could translate into monetary loss, reputation damage, and loss of customer trust,” Microsoft said.
Most read in Tech
Both consumers and retailers have reason for concern.
“Online shoppers can protect themselves from web skimming attacks by ensuring their browser sessions are secure, especially during the checkout process,” Microsoft said.
“Be wary of any unexpected or suspicious pop-ups that ask for payment details.”
The best form of internet protection is a skeptical mind and updated security patches.
Monitor your credit card spending history and keep an eye on the browser’s URL when shopping online – if something looks fishy, it probably is.
We pay for your stories!
Do you have a story for The US Sun team?
