Payment Card Skimmer Investigation

Scenario

Your credit card company just called the head of the marketing department and told them that they saw fraudulent credit card transactions using the Marketing Corporate Credit Card. They asked what the recent transactions that were made with the card. After the fraud investigator verified the last real transaction, they determined that the fraud started after a purchase were made from the website called www[.]almamaterstore[.]in. They mention that his might be a credit card skimmer attack.

Objectives

You work in the Incident response department in your organization. You want to use the payment card fraud as a learning experience to train your team.

Important Note: During your investigation you have informed your team not to directly visit the website in order to prevent any potential malware from entering the organization.

Objective 1: Was www[.]almamaterstore[.]in compromised?

Objective 2: If the website was compromised, how do you know?

Objective 3: What evidence do you have for a compromise other than the word of the credit card company?

Objective 4: If you determine the site was compromise, how do you suspect the website was compromised?