While online shoppers are excited to grab the lightning deals, opportunistic cybercriminals are preying on exploits to compromise websites and steal data. The U.K. government has recently warned about Magecart actors targeting online businesses via e-skimming attacks.
The National Cyber Security Centre (NCSC) in the U.K. stated that cybercriminals exploit unpatched vulnerabilities in various e-commerce websites and inject malicious codes. It has identified over 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.
Hackers E-Skimming on Black Friday and Cyber Monday Deals
In e-skimming, hackers initially exploit a vulnerability in software used at the checkout page on shopping sites and deploy a malicious code that diverts payments and steal details of unsuspecting customers. Magecart hackers mostly perform e-skimming attacks. The attackers either sell the stolen card data on the darknet or use it to make fraudulent purchases.
Most of the affected e-commerce sites have been compromised via a known vulnerability in Magento – a popular e-commerce platform that allows websites to create their own online store.
Also Read: 3 Common Online Frauds to Watch Out in 2022
The NCSC stated that small online retailers could increasingly be targeted during the Black Friday and Cyber Monday shopping days. The agency urged online businesses in the country to update their software to avoid financial and reputational damage.
How to Mitigate E-Skimming Risks
- Perform regular updates to payment software
- Install patches from payment platform vendors
- Implement code integrity checks
- Keep anti-virus software updated
- Monitor and analyze weblogs
- Always have an Incident Response Plan
In addition, online businesses must boost their overall website security to prevent malicious code injections and hacker intrusions.
Commenting on the ongoing attacks on e-commerce businesses, NCSC Deputy Director for Economy and Society Sarah Lyons said, “We want small and medium-sized online retailers to know how to prevent their sites from being exploited by opportunistic cybercriminals over the peak shopping period. Falling victim to cybercrime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible, and I would urge all business owners to follow our guidance and make sure their software is up to date.”
The Chancellor of the Duchy of Lancaster, Steve Barclay, said, “On Black Friday and Cyber Monday, the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps. It’s critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium.”