Fuelled by the pandemic, online fraud is on the increase and website performance and cybersecurity company RapidSpike warns the trend is set to continue.
In 2020, there were 2,417,866 cases of remote purchase fraud, up 12% year on year. This fraud occurs when a criminal uses stolen card details to buy something on the internet, over the phone or through mail order.
Globally, as much as $35 billion in Covid-related loans may have been fraudulent and these scams involving government benefits topped the UK list according to Experian. As those programs wind down, criminals will turn their focus to traditional digital fraud schemes, taking advantage of the increase in digital traffic to exploit data stolen over the past three years.
But how do scammers get hold of your details? RapidSpike.com CEO Gav Winter, reveals the tactics they use.
“Domain spoofing is one way hackers will try to defraud customers on a real website. This happened to British Airways when scammers managed to steal customer credit card information by infiltrating their website to send data to baways.com instead of the legitimate britishairways.com, which was also well hidden from the team. These kinds of attacks are extremely frequent, usually targeted at medium size businesses with smaller security teams but good revenue, but all businesses larger and small are at risk”
In the past year, RapidSpike detected 12,500 potentially malicious hosts that were threatening the security of their clients’ websites. This is where hackers gain unauthorised website access through web skimming, formjacking and supply chain attacks.
Gav adds: “Online criminals are constantly evolving the way they attack websites and ultimately steal customers’ details. Due to more and more businesses moving online throughout the pandemic this only gave hackers more opportunity. We predict website identity & payment theft will continue to grow over the next few years as more people get caught out. The responsibility is not only on consumers to be cautious when shopping online, but big businesses should be doing a lot more to check the security of their sites continuously, not just treating it as a box ticking exercise once a year, taking both proactive and reactive security measures. No matter how good your security is, human error can happen anytime. After all, if it can happen to brands like British Airways, it can happen to anyone.”
Tactics used by hackers to avoid detection:
Plugins
In March 2020, WordPress announced that their Threat Intelligence team had discovered several vulnerabilities in ‘Popup Builder’, a WordPress plugin installed on over 100,000 sites. They explained how one vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. Plugins can be useful tools in delivering great customer experience, making design changes, and helping with workflow, however, they can also leave a website vulnerable to attacks. WordPress plugins have had multiple vulnerabilities over the years, plugins should be minimised to a manageable level and continuously updated to patch any vulnerabilities.
Fake Checkouts
A key web-skimming attack method is loading a fake checkout form before the legitimate checkout page or before a PayPal page. Customers have a good indication of if an attack has occurred if a second payment form is presented, unfortunately, at that point, the customer’s payment details have already been stolen. Checkout pages carry the most valuable information on the website and should be monitored carefully. A Synthetic User monitor can continuously walk through the checkout page and alert to any new hosts found, potentially before a data breach occurs.
Malware Under Images
In 2020, one of the new hacking methods observed was steganography-based skimmers. The technique involves hiding code within imagery to avoid detection. Hackers hide the image’s background JavaScript code to scrape the data needed. The Tupperware website was
one victim of this style of attack, with malicious code hidden within a PNG file that activated a fraudulent payment form during the checkout process.
Targeted Customers
Skimmers are continuously advancing to evade detection including performing a search before loading a skimmer, to target a specific type of customer. RapidSpike’s Security Researcher discovered a hyper-targeted skimmer that only loaded after some prerequisites were met. The skimmer required the user to be on a mobile phone and in landscape mode. Additionally, a check was undertaken to ensure the user was on the checkout page, and did not have a developer toolbar present. Once the targeted customer had passed all the requirements, the skimmer would then load. It is therefore important that companies test their website from multiple browsers to ensure all customers receive the same experience.
Case Study – Multi-brand U.S. Retailer
In 2019, a U.S-based multi-brand retailer disclosed an attack on one of their websites. The site had been infected with a skimming code that stole customers’ payment data. Despite efforts to patch the vulnerabilities, they suffered numerous attacks over a two-year period.
Approximately 9 million users visited the website in the time they were hacked.
The multi-brand retailer contacted RapidSpike to monitor their reliability, performance and security across 15 websites plus any geographic variations. Self-service and managed User Journeys monitor user experience and security. RapidSpike security tools are used to look for configuration issues, vulnerabilities and potential exploits to find and help fix critical security issues.
RapidSpike Magecart Attack Detection is active on all websites which have critical customer processes including checkouts and portal log-ins. This tool tracks all data sent by all hosts. Alerts are set up to immediately notify if something in the perimeter of their client-side website changes and if data is being sent somewhere untrusted.
Using RapidSpike Magecart Detection, the retailer reduced detection time by 99.7%. In the last 12 months, over 17 million website visitors on the previously hacked website have been protected by RapidSpike’s Magecart Attack Detection. Over the past 2 years, RapidSpike has detected a number of similar attacks which have been quickly dealt with and plugged security blindspots which have protected the brands reputation.
About RapidSpike.com
Following extensive growth, the firm is embarking on an ambitious expansion strategy after accelerating by 550% in the last two years and taking investment from Praetura Ventures last year.
RapidSpike believes everyone expects & has the right to fast, safe & reliable online experiences and helps businesses defend against client-side cyberattacks by detecting website identity and payment theft. Great, safe, websites improve conversions & customer loyalty.
Furthermore, we believe in empowering the teams who support online customers with key critical information that meets those demands, minimises disruptions & makes everyone’s lives less stressful.
Clients include US retail giant Helen of Troy alongside William Hill, Kurt Geiger and White Stuff.