Black Friday scammers are after your credit card details


Threat actors actively target e-commerce stores to steal financial data as consumers flock to online shops for yearly deals.

Fraudsters capitalize on the uptick in online shopping. Web threats, such as payment card skimming attacks against e-commerce stores, become much more prevalent this time of year.

Zscaler ThreatLabz has observed an uptick in such threats against Magento and Presta-based e-commerce stores. Magento and Presta are e-commerce platforms written in the PHP programming language.

Zscaler shared details of four groups behind skimming attacks with little to no documentation in the public domain so far.

"Most of the indicators related to these attacks have no detection by security vendors," the company said.

These threat actors primarily target retailers in the US, UK, Australia, and Canada. Most of the attacks have a shelf life of more than one month.

According to the researchers, new variants of skimming attacks rely on the heavy use of JavaScript obfuscation, making its detection more difficult.

Threat actors usually host the JavaScript skimmer code on their domains and inject links to these skimmers into the compromised e-commerce sites.

These codes are designed to capture credit card information once a customer enters their banking information into the infected site to make a purchase.

For e-commerce store owners, ZScaler advises ensuring they are running the latest version of e-commerce software. To confirm whether the store has already been infected or not, owners can scan their servers for unrecognized new files or modifications to existing files.

"We advise the users to pay close attention to any unauthorized payments made using their payment card and get in touch immediately with their respective payment card or banking authorities in case they notice unrecognized transactions," ZScaler said.

In an October blog post, cybersecurity company IB Group said threat actors in the carding industry are switching to JavaScript sniffers to collect card text data (bank card numbers, expiration dates, owners' names, addresses, CVVs) from e-commerce websites.

In addition to infecting legitimate online stores, criminals also set up their own fake shops to lure users into spending money directly there.