SHOPPERS BEWARE! Of Scammers This Holiday Season

The holiday season is here and, as always, there will be an increase in online shopping activity.

Security researchers at Zscaler say “e-skimming attacks” are something to watch out for, and they predict these attacks will be even more lucrative for threat actors this holiday season.

“Skimming” or “card skimming” was originally used to describe physical tampering with point-of-sale (POS) devices, ATMs and gas pumps by placing a hidden device inside them to steal credit card information. Similarly, “e-skimming” is when that crime happens online via a web store: cybercriminals steal credentials and sensitive payment information from website visitors as they enter it.

Digital skimmers use malicious JavaScript code that sniffs for user text entries or creates fake payment forms to steal credit card information. Researchers have specifically observed Magento and Presta-based e-commerce stores in the U.S., U.K., Australia, and Canada being targeted by these attacks since July 2022. You can read more about this on the online security blog Security Boulevard. After the information is stolen, these scams can go totally unnoticed by the victim until they see the fraudulent charges on their credit or debit cards, sometimes months or years later.

How can you protect yourself?

  • Ensure that you’ve got a secure connection when shopping online. If you are entering personal information, the URL should start with HTTPS:// rather than just HTTP:// and have a little padlock icon in the URL bar, which indicates that the site has a valid certificate and is not a website being spoofed.

  • Monitor your bank account closely for suspicious activity. The people behind skimming and e-skimming scams often rely on the fact that the people they’re targeting don’t check their bank or credit card statements as often as they should. Sometimes the initial theft is a small amount of money, to test whether the card owner is watching.

About Cybersafe
The Division of Information Technology is dedicated to informing the community of the latest cybersecurity threats. Visit fitnyc.edu/cybersafe and stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.