Europol identifies hundreds of e-commerce platforms used in digital skimming attacks

Avatar

Europol joined law enforcement agencies from 17 countries in warning 443 online sellers that the payment card data of their customers had been compromised.

In a press release on Friday, the agency said the two-month operation was led by Greece and supported by cybersecurity firms Group-IB and Sansec — two companies with experience monitoring digital skimming attacks.

In skimming attacks hackers embed tools or malware onto e-commerce sites that allow them to siphon credit card information from online stores during the checkout process. The tactic has long been a problem for popular internet sellers.

With the help of several incident response teams and the European Union Agency for Cybersecurity (ENISA), hundreds of unnamed websites were notified that they were being used by hackers for digital skimming attacks.

“Digital skimming attacks can go undetected for a long time. Payment or credit card information stolen as a result of these criminal acts is often offered for sale on illicit marketplaces on the darknet,” Europol said.

“Customers are usually not aware that their payment details have been compromised until the criminals have already used them to carry out an unauthorized transaction. Generally, it is difficult for customers to find the point of compromise.”

All of the law enforcement agencies worked with the online stores, providing technical assistance to help them remove the tools and protect customers.

The countries involved in the effort included the United States, United Kingdom, Germany, Colombia, Spain, the Netherlands and more.

The payment fraud industry has shown signs of recovery following Russian law enforcement’s crackdown on domestic cybercriminals and the Russian invasion of Ukraine in 2022, according to an annual payment fraud report from Recorded Future, which owns The Record.

Researchers found 119 million cards posted for sale on dark web carding shops, with an estimated $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for merchants and acquirers in 2023.

In 2022, e-skimmers led to 45.6 million compromised payment card records posted for sale on dark web platforms, according to last year’s report.

The type of stores embedded with e-skimmers in 2023 included restaurants — which accounted for 18.5% of all victim companies — automotive parts sellers, clothing stores, and more.

The U.S. had the most cards available with more than 50 million on the dark web. No other region or country tracked had more than 2.5 million.

“Looking ahead to 2024, fraudsters are expected to refine their tactics, continuing to compromise cards using both old and new methods. Stolen payment cards from North American and European financial institutions led in volume throughout 2023 and are likely to persist in 2024.

“The report concludes that in 2024, fraudsters will likely combine sophisticated technical solutions, nuanced workflows, and social engineering tactics to bypass rules-based fraud detection.”

TechnologyCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Kazakhstan to extradite Russian cyber expert to Moscow despite US requests

Next Post

Europol identifies hundreds of e-commerce platforms used in digital skimming attacks

Related Posts

Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others

Unidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organization account associated with Top.gg, a Discord bot discovery site. "The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom
Jason Macuray
Read More

Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub

Two malicious packages discovered on the npm package registry have been found to leverage GitHub to store Base64-encrypted SSH keys stolen from developer systems on which they were installed. The modules named warbeast2000 and kodiak2k were published at the start of the month, attracting 412 and 1,281 downloads before they were taken down by the npm
Omega Balla
Read More