Web skimming

Web skimming

Web skimming, also known as "Magecart attacks", refers to a form of cyber attack in which attackers inject malicious code into e-commerce websites to steal customer payment information. These attacks target online shopping carts and payment pages of websites to pass sensitive information, such as credit card information, to the attackers.

Here's how it typically works:

1. Injection: Attackers find vulnerabilities in the security of an e-commerce website and inject malicious JavaScript code into the web pages. This code is then executed when customers visit the website.

2. Data theft: The malicious code collects information from the payment details entered, such as credit card numbers, expiration dates and security codes, as customers enter these details during the checkout process.

3. Data forwarding: The stolen data is forwarded to the servers controlled by the attackers, where they can use the data for fraudulent activities, such as performing unauthorized transactions.

4. Web skimming attacks can cause significant damage to both e-commerce companies and customers. It can lead to financial loss, reputational damage and loss of customer confidence. Protecting against web skimming requires regular website security audits, updating software and patches, and implementing security measures such as Web Application Firewalls (WAFs) to detect and prevent such attacks.