Daily Management Review

Growth Of Online Shopping Has Seen Rise Of New Form Of Cyber Stealing - e-Skimming


Growth Of Online Shopping Has Seen Rise Of New Form Of Cyber Stealing - e-Skimming
Consumers facing threats while at the gas pump or ATM from skimmers or hidden devices that are created to steal credit card information is nothing new.  However now hackers have gone a bit more hi tech where a more insidious and lucrative method is being used for skimming which has come to be known as Magecart.
Three people from Indonesia, who allegedly had conned hundreds of online shopping websites, were arrested by Interpol, the international agency that is a coordinator between police agencies in 194 countries. Those were the first arrests in this new form of skimming. The accused decamped with payment card details and personal data such as names, addresses and phone numbers using the new method, Interpol said.
Over the past two years, e-skimming attacks have hit companies large and small, which includes companies like Ticketmaster’s United Kingdom website in June 2018, Puma’s Australian website in April and Macy’s in October.
There was no comment available in the media from Macy’s, Puma and Ticketmaster.
“Any retailer that has a significant online presence that accepts online orders is definitely concerned about e-skimming. This has been in the news recently, and even big-name stores have been hit,” said Randy Pargman, senior director for threat hunting and counterintelligence at Binary Defense, which is an Ohio-based cybersecurity company engaged with monitoring of computers of companies to detect signals of attacks. The names of the clients were not disclosed by the company but confirmed that they were in the retail sector.
There are many ways that websites can be compromised by cybercriminals such as breaking into a common server that supports many online shopping websites or breaking into the web server directly. The aim of the hackers is to steal information.
The online shopping service is Magento is one such example which was acquired by Adobe in 2018 for more than $1.6 billion.  The Magecart name for this type of attack comes from Magento but can refer to attacks on other software as well.
“Magento is committed to delivering security to our customers, as well as helping to maintain that security,” said Gaby Yim, a spokeswoman for Adobe. “As the majority of exploits tend to target software installations that are not up to date with the latest security updates, we always strongly recommend that users install security updates as soon as they are available.”
It has been almost seven years that the FBI has been watching e-skimming, the investigating agency said. However, cybercriminals are becoming more sophisticated and are sharing the malware online, FBO said.
“If you are a company that has a heavy volume of credit card numbers being inputted into your website, at that point, you’re probably at a higher risk,” said Herb Stapleton, section chief for the FBI’s cyber division. “Now one thing about those types of companies is often they have more resources to invest in cybersecurity measures. So as a result of that, even some lower-traffic companies, some smaller and medium-sized businesses, are still at risk because some of them may not have the resources to invest as heavily in their cybersecurity.”
The modus operandi in e-skimming involves cyberhackers stealing information about consumers as they type the information into a online shopping website.