Researchers have uncovered a new digital skimming attack which threat actors are now using to steal card data.
In a blog post, Jérôme Segura, director of threat intelligence at Malwarebytes, explained that a new attack scheme has emerged in which users are tricked into believing they are on a payment service platform (PSP).
E-commerce sites use PSPs to redirect users from the merchant site to a secure page maintained by a payment processing company. However, threat actors abuse this flow by inserting digital skimming code that is loaded as a fake Google Analytics library file called ga.js.
“This skimmer is interesting because it looks like a phishing page copied from an official template for CommWeb, a payments acceptance service offered by Australia’s Commonwealth Bank,” Segura said.
“The attackers have crafted it specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”
The fake payment page also tells users whether the fields they have filled in are valid.
After all the details are exfiltrated, the victim is redirected to the real payment page: the legitimate Commonwealth Bank payment site loads and displays the total amount due for the purchase. This is done by creating a unique session ID and reading the browser's cookies.
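The skimmer described above rides in on a file named ga.js that is not Google's. The following check, added here as an illustrative defender-side audit and not code from the Malwarebytes post or the affected store, walks the script tags on a checkout page and flags any Google Analytics lookalike (ga.js, analytics.js, gtag.js, gtm.js) that is not served from a Google host, plus any script host missing from an allowlist the merchant maintains. The sample HTML, the allowlist and the hostnames ending in .test are constructed for this example.

```python
"""Audit <script> tags on a checkout page for analytics-library lookalikes.

Added illustrative example; assumes the merchant keeps an allowlist of
origins it expects to serve scripts from. Sample input is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Filenames of Google's own analytics/tag loaders, which skimmers imitate.
GA_LIKE_NAMES = {"ga.js", "analytics.js", "gtag.js", "gtm.js"}
# Hosts Google actually serves those loaders from.
GOOGLE_HOSTS = {
    "www.google-analytics.com",
    "ssl.google-analytics.com",
    "www.googletagmanager.com",
}


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in the document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        for name, value in attrs:
            if name == "src" and value:
                self.srcs.append(value)


def script_sources(html):
    """Return the src values of all external scripts, in document order."""
    collector = ScriptCollector()
    collector.feed(html)
    return collector.srcs


def audit_scripts(html, allowed_hosts):
    """Return (src, reason) pairs for scripts a merchant should review.

    A relative src (empty host) is treated as same-origin: a ga.js served
    from the store itself is exactly the pattern the skimmer used.
    """
    findings = []
    for src in script_sources(html):
        parsed = urlparse(src)
        host = parsed.netloc.lower()
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        if filename in GA_LIKE_NAMES and host not in GOOGLE_HOSTS:
            findings.append(
                (src, "analytics-library lookalike not served from a Google host")
            )
        elif host and host not in allowed_hosts and host not in GOOGLE_HOSTS:
            findings.append((src, "script host not on merchant allowlist"))
    return findings


# Constructed checkout page: one genuine GA loader, one first-party script,
# one ga.js from an unknown CDN and one ga.js dropped into the store itself.
SAMPLE_HTML = """
<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://cdn.example-merchant.test/js/checkout.js"></script>
<script src="https://cdn-stats.example.test/ga.js"></script>
<script src="/modules/ps_tracking/ga.js"></script>
</head><body></body></html>
"""

# Hosts the (hypothetical) merchant expects to load scripts from.
MERCHANT_ALLOWLIST = {"cdn.example-merchant.test"}

if __name__ == "__main__":
    for src, reason in audit_scripts(SAMPLE_HTML, MERCHANT_ALLOWLIST):
        print(f"REVIEW {src}: {reason}")
```

Run against the sample page, the genuine analytics.js and the allowlisted checkout.js pass, while both ga.js copies are reported. The same audit is cheap to run from a scheduled job against the live checkout page, where a new finding is a useful early signal that a third-party or first-party script has been swapped.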
“Externalizing payments shifts the burden and risk to the payment company such that even if a merchant site were hacked, online shoppers would be redirected to a different site (i.e. Paypal, MasterCard, Visa gateways) where they could enter their payment details securely.
“Unfortunately, fraudsters are becoming incredibly creative in order to defeat those security defenses. By combining phishing-like techniques and inserting themselves in the middle, they can fool everyone.”
The post #Privacy: New digital skimming attack uses phishing technique to steal data appeared first on PrivSec Report.