{"id":48509,"date":"2023-06-26T11:23:25","date_gmt":"2023-06-26T15:23:25","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=48509"},"modified":"2023-06-26T11:23:25","modified_gmt":"2023-06-26T15:23:25","slug":"illicit-code-on-legitimate-sites","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/48509\/","title":{"rendered":"Web skimmers: why are they particularly sneaky and dangerous?"},"content":{"rendered":"<p>There are a few fairly simple rules that can help you protect both yourself and your money from typical scams while online shopping. Here\u2019s what these boil down to:<\/p>\n<ul>\n<li>Don\u2019t send money to personal accounts of strangers on the internet;<\/li>\n<li>Don\u2019t enter your bank card details on suspicious sites;<\/li>\n<li>Always check the web address carefully before leaving your payment details on a website.<\/li>\n<\/ul>\n<p>However, not many folks know that their card details can be hijacked even on legitimate websites. This can happen if the page is infected with web skimmers \u2014 malicious scripts embedded directly in the website code. That\u2019s what we\u2019ll talk about today.<\/p>\n<h2>What are web skimmers?<\/h2>\n<p>Web skimmers were named due to their association with hardware <a href=\"https:\/\/www.kaspersky.com\/blog\/skimmers-part-one\/7223\/\" target=\"_blank\" rel=\"noopener nofollow\">skimmers<\/a> \u2014 stealthy devices that carders install on ATMs or payment terminals to steal card details. Skimmers are hard to notice because they look like regular ATM hardware, so unsuspecting users insert or slide their cards, only to share their payment details with the criminals.<\/p>\n<p>Scammers have long realized they don\u2019t have to tinker with hardware and risk being caught at the scene of the crime. 
The same result can be achieved much more easily, fully remotely, and with less risk, by writing a snippet of code and embedding it into a website, where it will intercept shoppers\u2019 bank card details and send them to the scammers. That code snippet is called a web skimmer.<\/p>\n<p>Cybercriminals look for vulnerable online stores and other websites that accept card payments, hack them, and install their malicious code without the owners\u2019 noticing it. At this point, their job is done \u2014 now they just need to consolidate the card details into a database, and sell the database on the dark web to other cybercriminals who specialize in stealing money from bank cards.<\/p>\n<h2>Why are web skimmers dangerous?<\/h2>\n<p>Three things make web skimmers especially dangerous.<\/p>\n<p>First, they\u2019re invisible to users. From a regular online shopper\u2019s perspective, nothing suspicious takes place. They\u2019re making a purchase on a website that has the right address and no red flags to be seen: it looks and works the way a normal website would. Furthermore, money won\u2019t start disappearing from the victim\u2019s account right away, so it\u2019s difficult, if at all possible, to pinpoint the website where the card was compromised.<\/p>\n<p>Second, web skimmers aren\u2019t too easy to detect \u2014 even by website owners. This presents more of a problem to smaller online stores, which might not have a full-time IT specialist, let alone a cybersecurity expert. But even large online retailers may find that thoroughly checking their own sites for web skimmers is a challenge that requires fairly exotic skills and tools.<\/p>\n<p>Third, victims are hard-pressed to link a theft to a specific store, so it\u2019s highly unlikely anyone would come forward with a complaint. 
Few owners would undertake the complex and costly task of scanning their website for skimmers (which would require hiring a professional) just to be on the safe side.<\/p>\n<h2>How widespread is the web skimmer threat?<\/h2>\n<p>In a recent study, cybersecurity experts <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts\/\" target=\"_blank\" rel=\"nofollow noopener\">delved into the web-skimmer situation as it stands today<\/a>. The study analyzed a malicious campaign that\u2019s likely linked to the Magecart cybercrime syndicate, which specializes in web skimmers. The key discoveries were:<\/p>\n<ul>\n<li>Whereas originally web skimmers were implanted only into online stores powered by Magento, the range of compromised platforms became wider. Cybercriminals are now capable of infecting stores that run on Shopify and WordPress with plugins for accepting payments (in particular, with WooCommerce).<\/li>\n<li>To make it difficult to detect a web skimmer on an infected site, the creators of the implants deliberately make them look like legitimate code of such services as Facebook Pixel, Google Analytics or Google Tag Manager.<\/li>\n<li>One of the latest tricks employed by the hackers who are behind the campaign is to use compromised websites as command-and-control (C&amp;C) servers to manage web skimmers implanted into other sites and exfiltrate stolen payment information. This is how they remain undetected: implanted web skimmers talking to legitimate websites doesn\u2019t look suspicious.<\/li>\n<li>Websites that were found to be infected with web skimmers included fairly large online stores serving hundreds of thousands of customers every month.<\/li>\n<li>Statistically speaking, the researchers discovered close to 10,000 websites that contained web skimmers in 2022. 
A quarter of those were still infected as at the end of the year, suggesting that a web skimmer implant can remain on a compromised website for months if not years.<\/li>\n<\/ul>\n<h2>Protecting yourself from web skimmers<\/h2>\n<p>Our <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener nofollow\">security solution<\/a> will help you secure the online payment process. It employs Safe Browsing technology, which scans all web traffic objects for both known and unknown threats at the moment you click on the link. If it detects a web skimmer in the HTML code or a script file, our product warns you about malware presence and prevents the dangerous page from loading.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\">\n","protected":false},"excerpt":{"rendered":"<p>What web skimmers are, why you should keep a look out for them when shopping online, and how to protect 
yourself.<\/p>\n","protected":false},"author":2726,"featured_media":48510,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[964,1161,178,422],"class_list":{"0":"post-48509","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bank-cards","9":"tag-finance","10":"tag-online-shopping","11":"tag-threats"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/48509\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/illicit-code-on-legitimate-sites\/25840\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/21281\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/10819\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/28538\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/illicit-code-on-legitimate-sites\/26139\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/26493\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/illicit-code-on-legitimate-sites\/28976\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/illicit-code-on-legitimate-sites\/27884\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/illicit-code-on-legitimate-sites\/35636\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/illicit-code-on-legitimate-sites\/11612\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/illicit-code-on-legitimate-sites\/21485\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/illicit-code-on-legitimate-sites\/30305\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/illicit-code-on-legitimate-sites\/34217\/"},{"hreflang":"ru-k
z","url":"https:\/\/blog.kaspersky.kz\/illicit-code-on-legitimate-sites\/26453\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/illicit-code-on-legitimate-sites\/32149\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/illicit-code-on-legitimate-sites\/31833\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/online-shopping\/","name":"online shopping"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/48509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=48509"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/48509\/revisions"}],"predecessor-version":[{"id":48512,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/48509\/revisions\/48512"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/48510"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=48509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=48509"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=48509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}