Europol has successfully identified and notified 443 online merchants whose e-commerce platforms have been infiltrated by malicious skimming scripts, designed to siphon off customer payment card information during transactions. The discovery is the outcome of a concerted two-month operation conducted by law enforcement from 17 countries and includes contributions from private entities like Group-IB and Sansec.
Sophisticated Tactics Employed by Threat Actors
Investigators have identified 23 unique families of JavaScript skimmers in their operation, such as ATMZOW, health_check, and FirstKiss, showcasing a level of sophistication in the cybercriminal approach. These skimmers are executed in stealth, with some abusing legitimate website tools like Google Tag Manager and masquerading as Google Analytics code to avoid detection. The stealthy nature of these attacks allows them to remain undetected for lengthy periods, giving cybercriminals ample time to collect large volumes of sensitive payment data.
Preventive Measures and Consumer Advice
In light of these threats, Europol encourages online merchants to review and reinforce their cybersecurity measures. The agency suggests consulting a specialized guide it provides on digital skimming. With a significant increase in online shopping during the holiday season, the risk of such attacks is even higher. Consumers are advised to use digital payment methods or one-time-use private cards to limit the potential for credit card theft. Moreover, consumers should regularly monitor their credit card statements for any signs of unauthorized activities, which might indicate their cards have been compromised.
The operation underlines the continual efforts by international law enforcement to combat the omnipresent threat of cybercrime and ensure consumer protection in the digital marketplace. As cybercriminals evolve their tactics, the importance of coordinated actions and public awareness grows ever more critical.
