As consumers everywhere take to online shopping amid coronavirus social distancing and lockdown mandates, cybercriminals are increasingly focusing on the digital crime of credit card skimming.
The rise in credit card skimming is part of the proliferation of cybercrimes in general as fraudsters and organized crime groups seek to take advantage of the coronavirus pandemic.
Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card’s magnetic stripe.
Better and improved skimmers
Most often nowadays, credit card skimming happens when malware is injected into a shopping payment page with the goal of stealing credit card information.
This is different from the older method where criminals use physical card skimmers hidden within, for example, ATM credit card readers.
“While digital skimming has been around for many years, the current pandemic creates a unique situation where more online transactions are getting processed than usual,” said Jérôme Segura, director of Threat Intelligence at Malwarebytes, an American internet security company.
“And many folks are learning about shopping online for the first time.”
Credit card skimming campaigns
One of the more infamous cases of digital credit card skimming happened in 2018, when the data from 380,000 cards was stolen from the British Airways site. This was attributed to Magecart, an umbrella term that covers numerous distinct cybercriminal groups.
On March 20 this year, Malwarebytes uncovered a credit card skimming campaign on the popular Tupperware site.
The official Tupperware site was compromised “by hiding malicious code within an image file that activates a fraudulent payment form during the checkout process,” said Segura.
“As a consumer, there is usually little to no indication that the site you are about to enter your credit card details into is unsafe. This is a bonanza for criminals who can expect a higher yield from the stores they have already compromised,” he said.
How to protect yourself
There are things you can do to minimise the risk of online fraud, by practicing safe online shopping, Segura said:
Avoid entering your payment information into too many different sites. Instead, try to stick to one or two major portals that already have that data stored in your account profile.
Use antivirus software that offers web protection.
Check your bank and credit card statements on a regular basis.