As the holiday shopping season approaches, the risk of credit card skimming is rising, giving cybercriminals ample opportunity to exploit unsuspecting consumers making online transactions.
Despite the excitement surrounding the shopping season, the rise in online shopping creates a breeding ground for scams and data theft. Credit card skimming is a particular threat because online stores are vulnerable to compromise and customers must share sensitive credit card information to complete a purchase.
The article sheds light on a particular credit card skimming campaign known as the Kritec campaign, which picked up dramatically in October after a period of dormancy during the summer. With hundreds of online stores compromised, anyone who shops online regularly has a significant chance of encountering this threat. The Kritec campaign stands out for its large volume and for the sophisticated customization of its skimming tools for each victim site, including localization in multiple languages, which makes it exceptionally difficult for online shoppers to detect the theft of their credit card information.
Threat actors are intensifying their activities as the holiday season approaches. Measured by the registration of new domain names associated with this threat actor, the Kritec campaign peaked in April and resurged in October. The infrastructure behind the campaign has been identified on the IT WEB LTD network, registered in the British Virgin Islands. The article also provides practical advice for mitigating the risk of credit card skimming and shopping online safely.
It emphasizes careful scrutiny, especially when dealing with smaller merchants, and suggests website audits, avoiding outdated websites, and using tools such as Malwarebytes Premium with web protection and the Malwarebytes Browser Guard extension for advanced in-browser detection.
The article concludes by noting the publication of an infrastructure list obtained through retrohunting, intended to enhance the community blocklists that third-party products use for improved threat detection and prevention.