What is Web Skimming?


Back to Basics

Web skimming gets its name from the physical card skimmers criminals use in some retail stores to steal credit card information. Web skimming has a similar goal: stealing personally identifiable information (PII) and credit card information for criminals to use. In web skimming, also known as digital skimming, criminals insert malicious JavaScript code into compromised retail websites to record information during the online checkout process. The skimming software can live on retail pages for months without the business being aware, because unlike some other malware it does not shut down systems or lock up information. Additionally, criminals are getting better at hiding the skimmers and making them look like third-party services to avoid detection by web security updates.

Recently, WordPress and Shopify were exploited by sophisticated web skimmers that were made to look like Google Tag Manager and Facebook Pixel services, concealing the malicious code and keeping the skimmers running longer. Criminals track vulnerabilities in legitimate e-commerce websites and look for opportunities to insert malicious code into the checkout pages. Typically these vulnerabilities are found in plugins and in software that is missing security updates. Once a vulnerability is known, criminals can search the web for businesses that are not keeping up with security updates and use the published vulnerabilities to compromise the site.

These advanced skimmers used JavaScript to load the full attack code, so the complete code was not hosted on the victim’s website. Additionally, the code would steal an individual user’s information only once, to reduce the chance of detection. The criminals behind this latest attack targeted e-commerce hosting sites, so that those sites would distribute the malicious code to their own customers, spreading the skimmers further. Consumers should be aware that skimmers are becoming more sophisticated and be mindful of which credit cards they use on e-commerce sites.
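Because these skimmers pose as Google Tag Manager or Facebook Pixel and pull their full code from another server, a site owner can audit which hosts a checkout page loads scripts from. The following is an added example, not code from the original article: the allowlist, the `shop.example` site and the sample HTML are constructed assumptions.

```javascript
// Hosts the shop intentionally loads scripts from (assumption: adjust per site).
const ALLOWED_HOSTS = new Set([
  "shop.example",              // the shop's own origin (placeholder)
  "www.googletagmanager.com",  // genuine Google Tag Manager host
  "connect.facebook.net",      // genuine Facebook Pixel host
]);
// Name fragments of the services the skimmers imitated, used to spot lookalikes.
const BRAND_HINTS = ["googletagmanager", "gtm", "facebook", "fbevents", "pixel"];

// Constructed sample of a checkout page's script tags.
const SAMPLE_CHECKOUT = `
<script src="/assets/checkout.js"></script>
<script async src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script src="//googletagmanager.cdn-stats.example/gtm.js"></script>
<script src="https://static.widgets.example/chat.js"></script>
`;

// Collect the src of every <script> tag in server-rendered HTML.
function scriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/gi;
  return [...html.matchAll(re)].map((m) => m[1]);
}

// Report every external script whose host is not on the allowlist.
// "lookalike" = unlisted host that borrows a trusted service's name.
function auditScripts(html, pageUrl) {
  const findings = [];
  for (const src of scriptSources(html)) {
    let url;
    try {
      url = new URL(src, pageUrl); // resolves relative and //host URLs
    } catch {
      findings.push({ src, host: null, verdict: "unparseable" });
      continue;
    }
    const host = url.hostname.toLowerCase();
    if (ALLOWED_HOSTS.has(host)) continue;
    const text = (host + url.pathname).toLowerCase();
    const lookalike = BRAND_HINTS.some((hint) => text.includes(hint));
    findings.push({ src, host, verdict: lookalike ? "lookalike" : "unlisted" });
  }
  return findings;
}

console.log(auditScripts(SAMPLE_CHECKOUT, "https://shop.example/checkout"));
```

This check only sees script tags present in the delivered HTML; scripts added at runtime by other scripts need a browser-based audit or a Content Security Policy that restricts script sources.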


Posted by Charles Wright