07/06/2021

All You Need to Know About Web Skimming Attacks

Web skimming, also known as digital skimming, is a hacking technique that targets digital businesses by manipulating unmonitored and compromised client-side web applications. These attacks usually begin with malicious JavaScript (JS) code placed strategically on a website's payment and checkout pages, where unsuspecting users fill in their personal and financial details. Although most commonly found on eCommerce websites, these attacks now also target banking, finance, healthcare, tourism, and other eService platforms.

Web skimming attacks have been around for a while, but they took center stage after the 2018 Magecart attack on British Airways, which cost the company more than $1B in mitigation efforts, GDPR violation fines, and other payoffs. While hackers continue to use Magecart scripts to steal payment card information, the newer techniques used by cybercriminals have transformed this malicious activity into a global phenomenon.

Cybercriminals have now started placing web skimmers and Magecart scripts inside images, logos, and favicons, appending them to popular JavaScript libraries, or in some cases hiding them inside website widgets such as the live chat window you can find on every eService website today. The attack vectors are multiplying, forcing CISOs and CIOs to rethink their security strategy.

In an upcoming blog post, we will take a closer look at this worrying trend.
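
A skimmer appended to a JavaScript library changes the file's bytes, so comparing every script a checkout page loads against a hash recorded at review time exposes the change, and a Subresource Integrity attribute makes the browser refuse the altered file. The Node.js sketch below is an added example, not code from the original post; the URLs and script bodies are constructed placeholders.

```javascript
const crypto = require("node:crypto");

// SRI value for a script body: "sha384-" followed by the base64 SHA-384 digest.
function sriHash(body) {
  return "sha384-" + crypto.createHash("sha384").update(body).digest("base64");
}

// Tag that makes the browser refuse the file if its bytes differ from the hash.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// baseline: Map(url -> SRI hash recorded when the script was reviewed)
// served:   Map(url -> script body fetched from the live page)
function auditScripts(baseline, served) {
  const findings = [];
  for (const [url, body] of served) {
    if (!baseline.has(url)) findings.push({ url, issue: "not-in-baseline" });
    else if (sriHash(body) !== baseline.get(url)) findings.push({ url, issue: "content-changed" });
  }
  for (const url of baseline.keys()) {
    if (!served.has(url)) findings.push({ url, issue: "missing" });
  }
  return findings;
}

// Constructed sample data (placeholder URLs and bodies, no real library code).
const reviewedLib = "window.lib=function(){return 1};";
const baseline = new Map([
  ["https://cdn.example/lib.min.js", sriHash(reviewedLib)],
  ["https://shop.example/checkout.js", sriHash("/* checkout */")],
]);
const served = new Map([
  ["https://cdn.example/lib.min.js", reviewedLib + "/* appended code placeholder */"],
  ["https://shop.example/checkout.js", "/* checkout */"],
  ["https://widgets.example/chat.js", "/* chat widget */"],
]);

console.log(scriptTag("https://cdn.example/lib.min.js", reviewedLib));
console.log(auditScripts(baseline, served));
```

The audit flags the library whose content changed and the chat widget that was never reviewed; the unchanged checkout script produces no finding.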
