Europol identifies hundreds of e-commerce platforms used in digital skimming attacks

Avatar

Europol joined law enforcement agencies from 17 countries in warning 443 online sellers that the payment card data of their customers had been compromised.

In a press release on Friday, the agency said the two-month operation was led by Greece and supported by cybersecurity firms Group-IB and Sansec — two companies with experience monitoring digital skimming attacks.

In skimming attacks hackers embed tools or malware onto e-commerce sites that allow them to siphon credit card information from online stores during the checkout process. The tactic has long been a problem for popular internet sellers.

With the help of several incident response teams and the European Union Agency for Cybersecurity (ENISA), hundreds of unnamed websites were notified that they were being used by hackers for digital skimming attacks.

“Digital skimming attacks can go undetected for a long time. Payment or credit card information stolen as a result of these criminal acts is often offered for sale on illicit marketplaces on the darknet,” Europol said.

“Customers are usually not aware that their payment details have been compromised until the criminals have already used them to carry out an unauthorized transaction. Generally, it is difficult for customers to find the point of compromise.”

All of the law enforcement agencies worked with the online stores, providing technical assistance to help them remove the tools and protect customers.

The countries involved in the effort included the United States, United Kingdom, Germany, Colombia, Spain, the Netherlands and more.

The payment fraud industry has shown signs of recovery following Russian law enforcement’s crackdown on domestic cybercriminals and the Russian invasion of Ukraine in 2022, according to an annual payment fraud report from Recorded Future, which owns The Record.

Researchers found 119 million cards posted for sale on dark web carding shops, with an estimated $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers in 2023.

In 2022, e-skimmers led to 45.6 million compromised payment card records posted for sale on dark web platforms, according to last year’s report.

The type of stores embedded with e-skimmers in 2023 included restaurants — which accounted for 18.5% of all victim companies — automotive parts sellers, clothing stores, and more.

The U.S. had the most cards available with more than 50 million on the dark web. No other region or country tracked had more than 2.5 million.

“Looking ahead to 2024, fraudsters are expected to refine their tactics, continuing to compromise cards using both old and new methods. Stolen payment cards from North American and European financial institutions led in volume throughout 2023 and are likely to persist in 2024.

“The report concludes that in 2024, fraudsters will likely combine sophisticated technical solutions, nuanced workflows, and social engineering tactics to bypass rules-based fraud detection.”

TechnologyCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Kazakhstan to extradite Russian cyber expert to Moscow despite US requests

Next Post

Europol identifies hundreds of e-commerce platforms used in digital skimming attacks

Related Posts

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This
Avatar
Read More

New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks
Avatar
Read More