Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Skimmer. Show all posts

Taking Measures to Prevent Card Skimming and Shimming

Protecting your financial information is crucial in the digital era we live in today. Credit card skimming and shimming have grown to be serious risks to customers all around the world with the emergence of sophisticated cybercrime techniques. Maintaining your financial stability depends on your ability to recognize and resist these approaches.

Credit card skimmers, according to PCMag, are deceptive gadgets installed on legal card readers, such as ATMs or petrol pumps, with the purpose of capturing and storing your card information. Cybercriminals have adapted by utilizing shimmers, which are extremely thin devices inserted into the card reader slot, according to KrebsOnSecurity, which cautions that even with the switch to chip-based cards, they have done so. These shimmers allow them to intercept the data from the chip.

The Royal Canadian Mounted Police (RCMP) provides valuable insights into how criminals install skimmers. They often work quickly and discreetly, making it hard for victims to notice. They may place a fake card reader on top of the legitimate one or install a small camera nearby to capture PIN numbers.

To protect yourself, it's important to be vigilant. MakeUseOf suggests a few key steps:

  • Inspect the Card Reader: Before using an ATM or a card reader at a gas pump, take a moment to examine the card slot. Look for any unusual devices or loose parts.
  • Cover Your PIN: Use your hand or body to shield the keypad as you enter your PIN. This simple step can prevent criminals from capturing this crucial piece of information.
  • Monitor Your Accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your bank immediately.
  • Choose ATMs Wisely: Whenever possible, use ATMs located in well-lit, high-traffic areas. Avoid standalone ATMs in secluded or poorly monitored locations.
  • Stay Informed: Keep up-to-date with the latest scams and techniques used by cybercriminals. Knowledge is your best defense.
Remaining vigilant and well-informed is your primary defense against credit card skimmers and shimmers. By adopting these practices and staying aware of your surroundings, you can significantly reduce the risk of falling victim to these insidious forms of cybercrime. Remember, your financial security is well worth the extra effort.


Newly Detected Magecart Infrastructure Discloses the Scale of Ongoing Campaign

 

A recently discovered Magecart skimming campaign has its origins in an earlier attack activity dating back to November 2021. 

To that end, Malwarebytes revealed in a Tuesday investigation that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a larger infrastructure used to carry out the attacks. 

Jérôme Segura stated, "We were able to connect these two domains with a previous campaign from November 2021 which was the first instance to our knowledge of a skimmer checking for the use of virtual machines. However, both of them are now devoid of VM detection code. It's unclear why the threat actors removed it, unless perhaps it caused more issues than benefits." 

Based on the other domains discovered, the earliest indication of campaign activity has been around since May 2020. Magecart is a cybercrime syndicate made up of dozens of subgroups that specialise in hacks involving digital credit card fraud through the injection of JavaScript code into e-commerce shops, often on checkout pages. 

Operatives obtain access to websites either directly or through third-party firms that provide software to the targeted websites. While the attacks first received attention in 2015 for targeting the Magento e-commerce platform (the term Magecart is a combination of "Magento" and "shopping cart"), they have now spread to other platforms, including a WordPress plugin called WooCommerce. 

According to a Sucuri study published in April 2022, WordPress has surpassed Magento as the leading CMS platform for credit card skimming malware, exceeding Magento as of July 2021, with skimmers hidden in websites as false photos and seemingly harmless JavaScript theme files. 

Furthermore, during the first five months of 2022, WordPress websites accounted for 61 per cent of known credit card skimmer malware detections, followed by Magento (15.6 per cent), OpenCart (5.5 per cent), and others (17.7 per cent). 

"Attackers follow the money, so it was only a matter of time before they shifted their focus toward the most popular e-commerce platform on the web," Sucuri's Ben Martin stated at the time.