Crisis events such as the current COVID-19 pandemic often lead to a change in habits that captures the attention of cybercriminals. With the confinement measures imposed in many countries, for example, online shopping has soared and along with it, credit card skimming. According to our data, web skimming increased by 26 percent in March over the previous month.
While this might not seem like a dramatic jump, digital credit card skimming was already on the rise prior to COVID-19, and this trend will likely continue into the near future.
While many merchants remain safe despite the increased volume in processed transactions, the exposure to compromised e-commerce stores is greater than ever.
Change in habits translates into additional web skimming attempts
Web skimming, also known under different terms, but made popular thanks to the ‘Magecart’ moniker, is the process of stealing customer data, including credit card information, from compromised online stores.
The stats presented below exclude any telemetry from our Browser Guard extension and reflect a portion of the overall web skimming landscape, per our own visibility. For instance, server-side skimmers will go unaccounted for, unless the merchant site itself has been identified as compromised and is blacklisted.
One trend we notice is how the number of skimming blocks is at its highest on Mondays (which happens to be the busiest day for online shopping), lowering down in the second half of the week and being at its lowest point on week-ends.
The second observation is how the number of web skimming blocks increased moderately from January to February (2.5%) but then started to go up from February to March (26%). While this is still a moderate increase, we believe it marks a trend that will be more apparent in the coming months.
The final chart shows that we record the most skimming attempts in the US, followed by Australia and Canada. This trend coincides with the quarantine measures that began being rolled out in mid March.
Minimizing risks: a shared responsibility
As we see with other threats, there isn’t one answer to mitigate web skimming. In fact, it can be fought from many different sides starting with online merchants, the security community and shoppers themselves.
A great number of merchants do not keep their platforms up to date and also fail to respond to security disclosures. Often times, the last recourse to report a breach is to go public and hope that the media attention will bear fruit.
Many security vendors actively track web skimmers and add protection capabilities into their products. This is the case with Malwarebytes, and web protection is available in both our desktop product and browser extension. Sharing our findings and attempting to disrupt skimming infrastructure is effective at tacking the problem at scale, rather than on an individual (per site) basis.
Shopping online is convenient but not risk-free. Ultimately, users are the ones who can make savvy choices and avoid many pitfalls. Here are some recommendations:
- Limit the number of times you have to manually enter your credit card data. Rely on platforms where that information is already stored in your account or use one-time payment options.
- Check if the online store displays properly in your browser, without any errors or certain red flags indicating that it has been neglected.
- Do not take trust seals or other indicators of confidence at face value. Because a site displays a logo saying it’s 100% safe does not mean it actually is.
- If you are unsure about a site, you can use certain tools to scan it for malware or to see if it’s already on a blacklist.
- More advanced users may want to examine a site’s source code using Developer Tools for instance, which as a side effect may turn off a skimmer noticing it is being checked.
We expect web skimming activity to keep on an upward trend in the coming months as the online shopping habits forged during this pandemic continue on well beyond. For more tips please check out Important tips for safe online shopping post COVID-19.