Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Card Skimming. Show all posts
Skimmer
ATM Bank Credentials Card Skimming Credit Card Cyber Security Financial Data Financial Security Phishing Attacks Skimmer

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legal card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. Cybercriminals have adapted by utilizing shimmers, which are extremely thin devices inserted into the card reader slot, according to KrebsOnSecurity, which cautions that even with the switch to chip-based cards, they have done so. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


Read more »
Online Security
Card Skimming Credit Card Fraud Cyber Security Data Theft Online Security

Here's How to Safeguard Your Credit Card Info

 

Sure, you recognise a phishing email (even if your parents don't). Unfortunately, thieves are constantly coming up with new ways to get unauthorised access to credit card information, leaving you with financial losses and emotional distress. While hackers demonstrate their limitless creativity, the old means of defrauding do not appear to be fading away. 

Here's what you need to know about the different ways your credit card information might be stolen so you can safeguard your financial well-being. 

Phishing scam

One of the most common ways to get credit card information continues to be phishing. You may be duped into providing your credit card information by cybercriminals who send false emails, messages, or fake websites that appear to be legitimate companies. If you refrain from your research before responding to a suspicious phishing email, you can end up "confirming your identity" with a hacker. 

The following are some effective anti-phishing strategies: Never click on shady links or give confidential information to an unknown. When confirming an email's legitimacy, double-check the sender's address. There is no chance that your bank will get in touch with you through Gmail. 

Card skimming

Yes, ATM card skimming still occurs in the digital era. When fraudsters install devices on ATMs, petrol pumps or point-of-sale terminals to steal credit card information from unknowing victims, this is called card skimming. These devices can be hard to find, and the information obtained from them is later utilised to make cloned cards or make online payments.

You should check card readers for signs of manipulation, cover your hand when entering your PIN, utilise ATMs that are located in secure, well-lit places, and use mobile pay or tap to pay whenever feasible to protect yourself against card skimming. 

Breach of confidentiality 

Data breaches occur when hackers secure access to a company's systems and steal critical consumer information, such as credit card information. Unfortunately, these breaches are prevalent and can impact even major, well-known companies. Cybercriminals may then sell or utilise this information for fraudulent transactions on the dark web. 

Check for data breach notifications from firms with which you have accounts on a regular basis, and use two-factor authentication whenever possible. If you learn that your information has been exposed as a result of a data breach, you should change your password on any sites where you use the same login information—and avoid reusing passwords! 

Physical thievery 

With all of the modern tools of theft to be aware of, we must not overlook good old-fashioned pickpocketing. Even losing your wallet or purse can expose your credit card information, especially if the criminal watched you enter your PIN at the ATM before robbing you. If your card is lost or stolen, don't put it off: notify your bank right away to limit the damage. 

The bottom line when it comes to avoiding credit card fraud is to be attentive, practise good security habits, and constantly examine your financial statements to discover any strange activity as soon as possible. The best line of defence against credit card theft is to be vigilant and knowledgeable.
Read more »
online theft
Card Skimming Credit Card Fraud Cyber Attacks E-Commerce Websites online theft

Online Thieves Target Legitimate Ecommerce CCTSites to Steal Credit Cards

 

In a recent Magecart credit card theft campaign, legitimate websites are taken over and used as "makeshift" command and control (C2) servers to inject and conceal skimmers on selected eCommerce sites.

An online store breached by hackers to insert malicious scripts that steal customers' credit cards and personal information while they are checking out is known as a "Magecart attack." 

The United States, the United Kingdom, Australia, Brazil, Peru, and Estonian organisations have all been penetrated, according to Akamai researchers following this campaign.

A further indication of the stealthiness of these attacks, according to the cybersecurity firm, is the fact that many victims haven't been aware they've been compromised for more than a month. 

Exploiting legitimate sites 

The initial step taken by the attackers is to find trustworthy websites that are vulnerable and hack them to host their malicious code and function as C2 servers for their attacks. 

Threat actors avoid detection and blockades and are spared from having to build up their own infrastructure by disseminating credit card skimmers through reputable, legal websites. 

The next step taken by the attackers is to insert a short JavaScript snippet into the target e-commerce websites that retrieves the malicious code from the previously compromised websites.

"Although it is unclear how these sites are being breached, based on our recent research from similar, previous campaigns, the attackers will usually look for vulnerabilities in the targeted websites' digital commerce platform (such as Magento, WooCommerce, WordPress, Shopify, etc.) or in vulnerable third-party services used by the website," researchers explained in the report. 

To enhance the attack's stealthiness, the threat actors developed the skimmer's structure to mimic that of Google Tag Manager or Facebook Pixel, which are well-known third-party services that are unlikely to draw attention. Base64 encoding also hides the host's URL. 

Data theft details 

Akamai claims to have observed two different skimmer iterations being used in the specific campaign. 

A number of CSS selectors that target consumer PII and credit card information are included in the initial version, which is highly obscured. For each site that was targeted, a different set of CSS selectors was created specifically for that victim. 

The second skimmer variant's lack of security allowed indicators in the code to be exposed, which allowed Akamai to map the campaign's distribution and identify more victims.

The data is sent to the attacker's server via an HTTP request formed as an IMG tag inside the skimmer after the skimmers steal the customers' personal information. The data also has a layer of Base64 encoding to obscure the transmission and lessen the chance that the victim will notice the breach. 

By safeguarding website admin accounts effectively and updating their CMS and plugins, website owners may fend off Magecart invasions. By adopting electronic payment methods, virtual cards, or restricting how much can be charged to their credit cards, customers of online stores can reduce the danger of data exposure.
Read more »
User Security
Card Skimming Cyber Security Data Safety Malicious Device Skimming Device Toy Gadget User Security

Amazon Bans Flipper Zero for Being a Card Skimming Tool

 

The Flipper Zero portable multi-tool for pen testers is no longer available for purchase on Amazon as the company has designated it as a card-skimming device, prohibiting its sale on the platform. 

According to Pavel Zhovner, CEO of Flipper Devices, the company asked Amazon to reconsider the prohibition because the gadget cannot skim bank cards. 

The Flipper Zero is a small, mobile, programmable pen-testing device that may assist in experimenting with and debugging a variety of digital and physical devices via many protocols, including RFID, radio, NFC, infrared, Bluetooth, and others.

Since its release, users have demonstrated Flipper Zero's skills by showing how it can ring doorbells, perform replay assaults to unlock cars and open garage doors, and copy a variety of digital keys. 

Flipper Zero has now been blocked by Amazon, which has labelled it as a "restricted product," according to notices distributed to vendors on Thursday evening.

On the Amazon Seller Central website, card-skimming tools are listed next to key-copying tools and shoplifting tools like sensormatic detachers under the restricted product category for lock picking and theft devices. 

There are currently some dead links to previously accessible Amazon pages that sold Flipper Zero tools, with the message "sorry, we couldn't find that page." 

At this time, Flipper Zero offerings on Amazon are limited to accessories like silicone cases, screen protectors, and WiFi Devboards.

"This product has been identified as a card skimming device. Amazon policy prohibits the sale or listing of card skimming devices," reads a notification sent to one Amazon seller confirming a Flipper Zero sell page was removed from Amazon's catalogue."

"We took this action because this product is not permitted for sale on Amazon.com. It is your obligation to make sure the products you offer comply with all applicable laws, regulations, and Amazon's policies."

The firm also issued a warning to Flipper Zero merchants, advising them to review all of their other items and delete any other prohibited products within 48 hours, failing which their accounts would be deactivated. 

"Within 48 hours of this warning please review your listings and close, delete, or archive any listings that do not comply with all applicable laws, regulations, and Amazon's policies. Failure to properly close or delete all restricted product listings from your inventory may result in the deactivation of your selling account, and funds may be permanently held." 

The Amazon prohibition won't bother all of Flipper Zero's potential customers, though, because those who sold it there were doing so at a premium. You can still purchase a Flipper Zero through the manufacturer's official store, which is frequently restocked. 

On the basis of its claimed use by criminals, the Brazilian National Telecommunications Agency has also been confiscating incoming Flipper Zero purchases. Brazilians who purchased the devices claim that all certification attempts have been refused by the government agency.
Read more »
Tactics
Card Skimming Credit Card Fraud Credit Card Stealer Cyber Security Microsoft Safety Security Tactics

Microsoft: Credit Card Stealers are Switching Tactics to Conceal the Attack

 

Attackers are manipulating e-commerce checkout websites and capturing payment card information by utilising picture files with a concealed malicious PHP script. According to Microsoft, card-skimming malware is increasingly employing malicious PHP scripts on web servers to modify payment sites and circumvent browser safeguards activated by JavaScript code. 

Card-skimming malware has changed its approach, according to Microsoft threat analysts. Card skimming has been dominated over the past decade by the so-called Magecart malware, which uses JavaScript code to inject scripts into checkout pages and transmit malware that grabs and steals payment card information. Injecting JavaScript into front-end processes was very conspicuous, according to Microsoft, because it might have triggered browser defences such as Content Security Policy (CSP), which prevents external scripts from loading. 

By attacking web servers with malicious PHP scripts, attackers discovered a less noisy method. In November 2021, Microsoft discovered two malicious image files on a Magento-hosted server, one of which was a fake browser favicon. Magento is a well-known e-commerce system. The images included an embedded PHP script, which did not run on the compromised web server by default. Instead, in order to only target shoppers, the PHP script only starts after validating via cookies that the web admin is not currently signed-in. 

The PHP script obtained the current page's URL and looked for the keywords "checkout" and "one page," which are linked to Magneto's checkout page. "The insertion of the PHP script in an image file is interesting because, by default, the webserver wouldn't run the said code. Based on previous similar attacks, we believe that the attacker used a PHP 'include' expression to include the image (that contains the PHP code) in the website's index page, so that it automatically loads at every webpage visit," Microsoft explained. 

Malicious PHP is increasingly being used in card-skimming malware. Last week, the FBI issued a warning about new examples of card-skimming attackers infecting US business checkout sites with web shells for backdoor remote access to the webserver using malicious PHP. Sucuri discovered that PHP skimmers targeting backend web servers were responsible for 41% of new credit card-skimming malware discovered in 2021. Magecart Group 12 is distributing new web shell malware, according to Malwarebytes, that dynamically loads JavaScript skimming code via server-side requests to online merchants. 

Malwarebytes' Jérôme Segura noted, "This technique is interesting as most client-side security tools will not be able to detect or block the skimmer. Unlike previous incidents where a fake favicon image was used to hide malicious JavaScript code, this turned out to be a PHP web shell."    

However, dangerous JavaScript is still used to skim cards. Card-skimming malware based on JavaScript spoofing Google Analytics and Meta Pixel (previously Facebook Pixel) scripts, for example, was discovered by Microsoft.
Read more »
User Security
Card Skimming Credit Card Cyber Fraud Cyber Scam User Security

WooCommerce Credit Card Stealer Found Implanted in Fake Images

 

Card skimming and card details theft is one such sophisticated technique attack that seldom fails. Earlier this week, cybersecurity researchers at Sucuri blog unmasked a malicious campaign where a credit card swiper was injected into WordPress’ wp-settings.php file. The WooCommerce customers reported that images were disappearing from the cart almost as soon as they were uploaded. 

According to researchers, the credit card skimmer was buried deep down into the file titled '../../Maildir/sub.main', and it was easy to miss on a casual review. Scammers usually prefer to deploy malicious content out of the way so it is more difficult to detect. The common tactic employed is to create directories that look like system directories, or to place malware in existing core CPanel or other server directories. 

Upon analyzing the malicious file, researchers uncovered over 150 lines of code that had been obfuscated with str_rot13 and base64. Attackers also used multiple functions to store credit card data concealed in the wp-content/uploads/highend/dyncamic.jpg image file. When decoded, that data revealed not only credit card details submitted to the site, but also admin credentials to the site’s backend. 

Injecting card skimmers into WordPress plugin files is the newest trend, avoiding the heavily watched ‘wp-admin’ and ‘wp-includes’ core folders, where most injections are short-lived. It is one of the most lucrative and stealth attack tactics employed by scammers to make money. 

There are a couple reasons why this is a useful tactic. The primary reason is that it makes it very easy for scammers to download the stolen details in their browser or a console. Secondly, most website/server malware detection scans focus on website file extensions such as PHP, JS, and HTML. Image files, particularly those in a wp-content/uploads sub-directories, can sometimes be overlooked.

“Scammers are aware that most security plugins for WordPress contain some way to monitor the file integrity of core files (that is, the files in wp-admin and wp-includes directories). This makes any malware injected into these files very easy to spot even by less experienced website administrators. The next logical step for them would be to target plugin and theme files,” researchers explained.
Read more »
Online Shopping
Card Skimming Cyber Security Data Theft Fraudsters Online Shopping

Payment Card Skimming Resurfaces with an Internet Twist

 

Card skimming has existed prior to the mainstream internet and is experiencing a revival as financial fraudsters recognise new potential to combine physical world data theft with online intrusion to steal even more money and information than ever. Only a week ago, it was announced that over 500 online retail sites were victims of a large "card skimming" incident, in which threat actors placed a device that allowed them to duplicate and steal the data from valid debit and credit cards as they were used for purchases. 

Card skimming fraudsters used to implant a physical device into ATMs or payment terminals to steal information from genuine consumers' payment cards. Nowadays, since online shopping is more popular than ever, cyber thieves are utilising malware placed into the checkout pages of online commerce sites to acquire credit card information, which they can then resell or use in their own nefarious schemes. 

Sansec, a malware and vulnerability detection firm that works with over 7,000 online retailers, was among the first to notice this fraudulent card skimming activity earlier this month. The vendor proposes "cleaning" the affected retail sites in order to remove the harmful code, but experts fear that these cyber-skimmers may just shift their strategy and look for "backdoors" through which they can implement their viruses. 

Many of these new card-skimming attacks, as well as other card information theft tactics where the card is not physically present at the moment of transaction, have been linked to the Magecart cybercriminal gang. Furthermore, if mobile phones begin to have card readers, this situation may worsen. 

The cybersecurity firm was able to speak with the administrators of the hijacked websites, according to another report by Ars Technica. They noticed that the hackers used a SQL injection flaw as well as a PHP object injection attack. Both were apparently using Quickview, a Magento 2 extension that allows buyers to quickly view product information without having to load the listings. 

The hackers were able to add an additional validation rule to the customer_eav_attribute table by misusing the Magento plugin. Furthermore, the credit card skimming group injected a payload onto the site. In order for the code to run successfully, the hackers must first "unserialize" the data on Magento. They would then log in as a new guest on the website.
Read more »
Online Retailers
Card Skimming Data Breach HTML Magecart Malicious actor Online Retailers

Credit Cards Were Forged from a Prominent e-Cigarette Store

 

Since being breached, Element Vape, a famous online retailer of e-cigarettes including vaping kits, is harboring a credit card skimmer on its website. In both retail and online storefronts in the United States and Canada, this retailer provides e-cigarettes, vaping equipment, e-liquids, and Synthetic drugs.
 
Its website Element Vape is uploading a potentially Malicious file from either a third-party website that appears to be a credit card stealer. Magecart refers to threat actors who use credit card cybercriminals on eCommerce sites by infiltrating scripts. 

On numerous shop webpages, beginning with the homepage, a mystery base64-encoded script may be seen on pages 45-50 of the HTML source code. For an unknown period of time, the computer worm has so far been present on ElementVape.com. 

This code was gone as of February 5th, 2022, and before, according to a Wayback Machine review of ElementVape.com. As a result, the infection appears to have occurred more recently, probably after the date and before today's detection. When decoded, it simply fetches the appropriate JavaScript file from a third-party site :

/weicowire[.]com/js/jquery/frontend.js

When this script was decoded and examined, it was apparent – the collection of credit card and invoicing information from clients during the checkout. The script looks for email addresses, payment card details, phone numbers, and billing addresses (including street and ZIP codes). 

The attacker acquires these credentials via a predefined Telegram address in the script which is disguised. The code also has anti-reverse-engineering features which check if it's being run in a sandbox or with "devtools" to prevent it from being examined.

It's unclear how the backend code of ElementVape.com was altered in the first place to allow the malicious script to enter. Reportedly, this isn't the first instance Element Vape's security has been breached. Users reported getting letters from Element Vape in 2018 indicating the company had a data breach so the "window of penetration between December 6, 2017, and June 27, 2018, might have revealed users" personal details to threat actors. 
Read more »
Subscribe to: Posts (Atom)