From small shops to giant household names like Newegg, Ticketmaster, and British Airways, Magecart attacks have affected thousands of sites, and potentially millions of consumers, with virtually no one knowing. The most significant factor in Magecart’s success is that most site owners lack visibility into the code running on their site. As a result, the average Magecart skimmer lasts over two weeks, with many lasting much longer than that.
While the onus is very squarely on businesses to protect their customers by increasing their visibility into the code running on their websites, Magecart is only growing more prevalent. In the meantime, consumers can take precautions to avoid being victimized and having their credit card information feed this criminal enterprise.
Yonathan Klijnsma, RiskIQ’s Head Threat Researcher and the leading expert on Magecart, offers five tips you can follow as an online shopper to stay safe.
The most significant liability when you shop online is the credit card in your hand. Threat actors want to know the numbers on the front and back and are well-equipped with the tools and the knowledge to get them. Please don’t do them any favors by shopping on shady websites.
Start by asking, “Do I trust this website?” Check its reputation with a Google search to see if there are complaints about its safety. Do additional research by checking how long the store has existed and who the store owner is. You can usually find this information in the Contact and About pages on the site. Be suspicious if the store is less than a year old, is based in an area of high threat activity like China or Eastern Europe, or sells products that appear counterfeit, i.e., similar to legitimate products from another company.
See if there is a way to purchase the product without entering your credit card data, or see if the product is available on a trusted site such as Amazon or eBay, which are likely safer than self-hosted (independent) e-commerce sites.
Although Magecart is victimizing businesses of all kinds, small businesses are most likely to host a malicious skimmer. Most sites hit by Magecart are small stores that don’t have the knowledge or the means to focus on website security. Businesses for which e-commerce isn’t central to their operations, i.e., stores that sell things on their site as a secondary offering, are also frequent victims.
Generally, the bigger the store, the more knowledgeable they are about threats targeting e-commerce and the more likely they are to have security staff looking after their site. Large retailers in the US have expansive security controls in place and large teams responsible for the safety of their site’s infrastructure.
Try to avoid entering your card details into the website. Large stores like Amazon store your card in your account, so you don’t need to enter it into a web form where a Magecart skimmer might be lurking. Even small shops now offer Amazon Pay, which allows you to avoid potential skimming by paying via the card stored in your Amazon account rather than manually entering your credit card details.
Another way to avoid entering your card details is by using Apple Pay, PayPal, or a similar mobile payment system, which sends a one-time token of your credit card information. Even if Magecart happens to skim the token, they can’t access the associated credit card information. Another option is using one-time-use credit cards, which can be skimmed without consequence.
Don’t only watch for large transactions; some thieves run small charges.
If you suspect that your card was skimmed, whether you see a suspicious transaction or not, call your card issuer and request a new card. They’d rather issue you a new card than have a fraudulent transaction go through.
If you’re aware that Magecart skimmed your credit card information, you can help prevent it from happening to someone else. Contact the e-commerce site and tell them about the theft. If they ignore you, you can contact law enforcement. The FBI is very interested in these crimes. You can also contact the payment provider because they can track the number of fraudulent transactions that occur when buyers are buying from a merchant.
Major browsers use lists to block known malicious websites. Chrome uses Google Safe Browsing, and Microsoft Edge uses SmartScreen. When RiskIQ identifies Magecart code, they report it to Google Safe Browsing.
Teaching kids safe online shopping practices from an early age is crucial as online shopping becomes more prevalent in society. Along with the methods outlined above to avoid web skimming, kids should know about the other threats on the internet that target consumers and how to avoid them.
RiskIQ sees fake and fraudulent tech support scams, prize offerings, software updates, and coupons in every corner of the internet. These scams can phish for information or infect users with adware and malware. They’re prevalent but relatively easy to spot. Knowing when something on the internet is too good to be true goes a long way toward staying safe online.