A newly discovered Cybercrime in Credit Cards is conducted on a large scale. In this Credit, Card Skimmer targets PayPal company. The skimmer uses an innovative technique to inject highly convincing iframes and hijacks the checkout forms of compromised online stores. In this whole process, they use JavaScript to hijack the companies and this skimmer gang is known as Megacart Group. This group injects within the checkout pages of various e-commerce sites, after hacking them in a form of skimming attack.
A Newly Invented Credit Card Skimmer Hack:-
A new trick is invented for stealing online shoppers credit card information. This trick was discovered by Affable Kraut, by using data from Sansec, which is a security company focused on fighting digital skimming. In this trick, the skimmer will capture all the order details which are used to buy products online on various websites from a targeted website. The skimmers, Hijack any of the e-commerce websites and target it to get their customers online trading and credit card information from the order checkout form. The details include Credit card information on their customers and Id password of the customer of any targeted website which is hijacked by the Megacart group. Once all the data is captured, the stolen order data is later used to Prefill fake PayPal’s payment forms that will be injected and displayed during the checkout process instead of legitimate forms.
To check if the information is good or not, the skimmer parses the order information before filling the PayPal’s form. If the data is not good, it actually sends a message back to the victim’s page as Kraut found. And if the data passes the checks, the active page calls takes the passed data and uses it to Pre-fill the fake PayPal form.
After all the process, the skimmers use the stolen order information to pre-fill the PayPal’s payment form, and they own the credit card to different person’s name and information and use it for his own work and purpose.
How To Defend Web Skimming:-
As we know, Web Skimming is conducted Vastly in the world, To cure this scam, the FBI has warned various government agencies and SMBs ( Small and Medium-Sized Businesses) from E – Skimming threats. The FBI and Cybersecurity cells have also started taking defensive measures, which can be implemented by Businesses and Government agencies. But however, The users have fewer options to protect themselves against Megacart attacks, This approach is unfortunately not much helpful if the hackers manage to compromise white listed E-Commerce sites as it usually happens during Megacart attack.