Warning about new e-commerce phishing scam raised in the run-up to Black Friday

Just as customers are gearing up to tap into one of the biggest shopping events of the year, cybersecurity experts warn about a new e-commerce phishing scheme.

Researchers at Malwarebytes, the digital defence firm, have discovered a new scheme in which hackers impersonate a Commonwealth Bank of Australia payment processing page.

In some cases, e-commerce sites redirect transactions to secure third-party payment service providers’ sites, like the one provided by Commonwealth Bank of Australia.

However, in the new scheme, the hackers hijack the service, redirecting it to a fake landing page that asks for the victim’s personal and financial data, which is subsequently skimmed and exfiltrated to an attacker-controlled server.

The site even checks and alerts the user if they have put in the correct information.

“By blending phishing and skimming together, threat actors developed a devious scheme, as unaware shoppers will leak their credentials to the fraudsters without thinking twice,” Jerome Segura, director of threat intelligence at Malwarebytes, wrote in a blog post.

He also noted that the cybersecurity firm has seen increased activity from malicious actors as the holiday shopping season approaches.

Segura continued, “The attackers have crafted it specifically for an Australian store running the PrestaShop Content Management System (CMS), exploiting the fact that it accepts payments via the Commonwealth Bank.”


Copyright © 2018 RegTech Analyst
