Coronavirus-Related Online Skimming and Credit Card Fraud to Spike

The coronavirus pandemic has unfortunately put the whole world to a standstill, forcing employees to telecommute and the majority of populations to stay at home, unable to purchase their needs personally. And it’s this time that online purchases have spiked exponentially, and with that, the possibility for online payment fraud to spike as well.

As of March 2020, Malwarebytes has reported a 26% increase in the use of card-skimming malware compared to February 2020 since the lockdowns began. There was a lesser, but apparent increase last February 2020 and January 2020 to the same extent, coinciding with the growing number of countries implementing lockdown procedures.

What does this mean? 

This simply means that cybercriminals are trying to take advantage of the spike in online purchases thanks to the coronavirus pandemic.

For those who don’t know, internet card-skimming is basically the same method employed in physical card-skimming wherein criminals would obtain all information from a card’s magnetic stripe by swiping the card in tampered credit card readers or standalone skimming devices. In internet card skimming, cyber-criminals insert skimming malware into the code of legitimate e-commerce websites to obtain credit card information.

The websites of British Airways, Newegg and Ticketmaster are notable examples of victims of this type of attack. Unlike phishing, where criminals impersonate legitimate websites, card skimming actually uses the actual website, with code that piggybacks on the actual page that collects the info.

Right now, the US has the highest amount of skimming activity with Canada and Australia close behind, thanks to lockdown measures imposed by their respective governments. And because there seemed no such thing going on with Spain and Italy, they don’t appear in Malwarebytes list of card skimming targets.

Malwarebytes is not directly attributing the skimming activity increase to the collective group known as Magecart that engages in this sort of activity. But as of April 2020, nineteen e-commerce sites have been infiltrated by card-skimming malware according to RiskIQ researchers. The culprits are apparently Magecart hackers particularly to a group known as Magecart Group 7. What’s quite interesting is that the group only needed 22 lines of JavaScript code, composed mostly of hex-encoded strings in order to avoid detection dubbed Makeframe.

This latest skimmer from Group 7 is an illustration of their continued evolution, honing tried and true techniques and developing new ones all the time… They are not alone in their endeavors to improve, persist, and expand their reach. RiskIQ data shows Magecart attacks have grown 20 percent amid the COVID-19 pandemic. With many homebound people forced to purchase what they need online, the digital skimming threat to e-commerce is as pronounced as ever.”

–RiskIQ

Should we worry?

Of course as this unfortunately adds another layer of vulnerability to our already vulnerable lives. We should worry if our favorite retailers don’t update their respective platforms to the latest versions. But that is out of our hands. What consumers can do is to be wary of their credit card transactions and balances. To check if something’s off and to have their credit card company numbers always handy.