These past few weeks, we’ve brought to you the ’12 Threats of Christmas’. One of those threats focused on the cyber tactic phishing, which is the most popular tactic in a criminal’s arsenal.
Security researchers have discovered a new digital skimming attack which borrows phishing techniques to steal credit and debit card data from a bogus payments page on a shopping websites.
Websites which enable customers to pay for their purchases online,often use secure payment pages, hosted by third-party payment providers.
Hackers have now become savvy to this, and according to Malwarebytes have been working hard to infiltrate this secure system. They have been able to insert digital skimming code, loaded as a fake Google Analytics library called ga.js.
Jérôme Segura, Director of Threat Intelligence at Malwarebytes, discovered a fake payment-mastercard[.]com domain that was:
“hosting a completely different kind of skimmer that at first resembled a phishing site.”
Mr Segura explains:
“This skimmer is interesting because it looks like a phishing page copied from an official template for CommWeb, a payments acceptance services offered by Australia’s Commonwealth Bank.
“The attackers have crafted its specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”
Hackers have even gone to the trouble of alerting users if they haven’t filled in all of the required fields, by alerting them to those that are missed.
Once the payment is ‘processed’ and the card details harvested, the victim is then transferred to the real payment processer. The real Australian Commonwealth Bank site if displayed along with the correct amount due for purchase.
Mr Segura added:
“This is done by creating a unique session ID and reading browser cookies.
“Externalizing payments shifts the burden and risk to the payment company such that even if a merchant site were hacked, online shoppers would be redirected to a different site (i.e. Paypal, MasterCard, Visa gateways) where they could enter their payment details securely.
“Unfortunately, fraudsters are becoming incredibly creative in order to defeat those security defuses. By combining phishing-like techniques and inserting themselves in the middles, they can fool everyone.”