Online vendors are frequently unaware that cybercriminals can abuse their systems to defraud shoppers.
Europol, the EU’s police agency, said it had notified 443 online merchants that their customers’ credit card or payment data was compromised as a result of digital skimming attacks.
In digital skimming attacks, cybercriminals use sophisticated information technology to intercept data during the online checkout process, with customers or online merchants rarely noticing anything unusual happening at the time.
“Digital skimming attacks can go undetected for a long time. Payment or credit card information stolen as a result of these criminal acts is often offered for sale on illicit marketplaces on the darknet,” Europol said in a statement.
“Customers are usually not aware that their payment details have been compromised until the criminals have already used them to carry out an unauthorised transaction. Generally, it is difficult for customers to find the point of compromise,” it said.
Europol carried out the operation over the period of two months in partnership with national law enforcement authorities from 17 countries, including the US, and the EU’s cybersecurity agency (ENISA). Private sector companies Group-IB and Sansec were also involved.
Cybernews has recently reported about the rise of digital skimming attacks, with some campaigns picking up pace “drastically” ahead of the holiday season.
More from Cybernews:
Subscribe to our newsletter