Serviceteam IT Security News

Security researchers have discovered a new digital skimming attack which borrows phishing techniques to steal card data from a fake payments page.

E-commerce sites often use secure payment pages hosted by third-party payment service providers (PSPs).

However, according to Malwarebytes, attackers are now abusing this model: the company found digital skimming code inserted into checkout pages and disguised as a Google Analytics library named ga.js.

Malwarebytes director of threat intelligence Jérôme Segura discovered a fake payment-mastercard[.]com domain that was “hosting a completely different kind of skimmer that at first resembled a phishing site.”

“This skimmer is interesting because it looks like a phishing page copied from an official template for CommWeb, a payments acceptance service offered by Australia’s Commonwealth Bank,” he explained. “The attackers have crafted it specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”

The fake payments page even alerts users if any fields they fill in are invalid.

Once the victim’s card details have been exfiltrated, the victim is redirected to the real payment processor: the genuine Commonwealth Bank site is displayed, showing the correct total due for the purchase. Segura explained that the skimmer achieves this by creating a unique session ID and reading the browser’s cookies.
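The two tells described above, a ga.js that is not served by Google and a payment form that submits to a lookalike domain instead of the merchant or its PSP, can be checked mechanically. The scanner below is an added example and is not code from the Malwarebytes report or from Serviceteam IT. The merchant host shop.example.com, the PSP host commweb.example, the lookalike domain payment-mastercard.example, the brand keyword list and the sample checkout HTML are all constructed for the example.

```javascript
// Added example, not code from the Malwarebytes report or from Serviceteam IT.
// Allow-list scanner for a merchant checkout page: flags <script src> and
// <form action> targets whose hostnames are neither the merchant's own nor the
// payment service provider's, and a "ga.js" not served by Google Analytics.
// Hostnames, brand keywords and the sample HTML are constructed for this example.

const MERCHANT_HOSTS = ["shop.example.com"];        // assumed merchant origin
const PSP_HOSTS = ["commweb.example"];              // assumed legitimate PSP redirect target
const ANALYTICS_HOSTS = ["www.google-analytics.com", "ssl.google-analytics.com"];
// Brand names a lookalike exfiltration domain is likely to borrow (heuristic, not exhaustive).
const BRAND_KEYWORDS = ["mastercard", "visa", "paypal", "commweb", "commbank"];

function resolve(url, pageHost) {
  try {
    return new URL(url, `https://${pageHost}/`);   // relative URLs resolve to the merchant
  } catch (e) {
    return null;
  }
}

// Regex extraction is adequate for this demonstration; a production scanner
// would use a real HTML parser and also inspect scripts inserted at runtime.
function extractReferences(html) {
  const refs = [];
  const scriptRe = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  const formRe = /<form\b[^>]*\baction\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) refs.push({ kind: "script", url: m[1] });
  while ((m = formRe.exec(html)) !== null) refs.push({ kind: "form", url: m[1] });
  return refs;
}

// Returns null for an approved reference, otherwise a finding with a reason.
function classify(ref, pageHost) {
  const target = resolve(ref.url, pageHost);
  if (target === null) return { ...ref, host: null, reason: "unparseable URL" };
  const host = target.hostname;
  const allowed = MERCHANT_HOSTS.includes(host) || PSP_HOSTS.includes(host)
    || (ref.kind === "script" && ANALYTICS_HOSTS.includes(host));
  if (allowed) return null;
  let reason = "unapproved external host";
  if (ref.kind === "script" && target.pathname.endsWith("/ga.js")) {
    reason = "ga.js served from a non-Google host";
  } else if (BRAND_KEYWORDS.some((k) => host.includes(k))) {
    reason = "host borrows a payment brand name but is not the approved PSP";
  }
  if (ref.kind === "form") reason += " (card fields would be submitted here)";
  return { ...ref, host, reason };
}

function scanCheckout(html, pageHost) {
  return extractReferences(html)
    .map((ref) => classify(ref, pageHost))
    .filter((finding) => finding !== null);
}

// Constructed checkout snippet: a merchant script and genuine Google Analytics
// tag, a fake ga.js skimmer, a fake payment form, and the genuine PSP form.
const SAMPLE_CHECKOUT = `
<script src="/js/checkout.js"></script>
<script src="https://www.google-analytics.com/ga.js"></script>
<script src="https://payment-mastercard.example/ga.js"></script>
<form action="https://payment-mastercard.example/commweb/pay" method="post">
<form action="https://commweb.example/pay" method="post">
`;

for (const f of scanCheckout(SAMPLE_CHECKOUT, "shop.example.com")) {
  console.log(`${f.kind}: ${f.url} -> ${f.reason}`);
}
```

Run against the constructed page, the scanner reports exactly two findings: the ga.js loaded from the lookalike domain and the form that would post card fields to it; the merchant's own script, the real Google Analytics tag and the genuine PSP form pass. The allow list is the important part: a skimmer that resembles a legitimate phishing template, as in the CommWeb case, is only caught because its host is not the one the merchant approved, not because anything about its content looks wrong.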

“Externalizing payments shifts the burden and risk to the payment company such that even if a merchant site were hacked, online shoppers would be redirected to a different site (i.e. PayPal, MasterCard, Visa gateways) where they could enter their payment details securely,” he concluded.

“Unfortunately, fraudsters are becoming incredibly creative in order to defeat those security defenses. By combining phishing-like techniques and inserting themselves in the middle, they can fool everyone.”

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!