
Digital skimming: the lucrative cybercrime

As originally published in ATM Marketplace


Digital skimming is one of the major hidden threats to any business. With social distancing rules still in effect, companies are increasingly interacting with their customers over digital channels such as websites and mobile apps. Even traditional brick-and-mortar businesses such as restaurants are now letting customers pre-order and pay for meals online.

Any time there is a digital transaction, the business has to collect personal data from the user. This data could include names, email addresses, passwords, phone numbers, payment card data and verification codes. And this data is most vulnerable at the point of entry.

Stealing from the source

Digital skimming attacks, more commonly known as Magecart attacks, steal this information right at the source, as the user types it into a web form or a mobile app. The business is often unaware that this has happened, since the information was skimmed from the user’s computer as opposed to the company’s servers. The lack of visibility means that the attacks often go undetected for weeks or months, while hackers reap a rich bounty of credit card numbers to sell on the dark web. Researchers estimate that the loot from a 2019 Magecart attack on a major e-commerce platform could net the fraudsters up to $130 million.

The economics behind such attacks are so lucrative that there are toolkits now available on the dark web that will enable even the most inexperienced hackers to run digital skimming operations. Nation states facing financial sanctions are also trying to tap into this alternate revenue source by launching their own skimming operations.

Digital skimming attacks usually start by gaining privileged access to the admin console for an e-commerce website. The hackers then place a small snippet of code into one of the website (Read more...)

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2020/digital-skimming-the-lucrative-cybercrime/
