Another day, another new strategy out there causing a headache for e-commerce merchants. The latest culprit? A new card skimming campaign targeting the 404 pages of retailer’s websites, aimed at stealing credit card information from unsuspecting customers who think they’re on a legitimate page.
While card-skimming techniques are not new, this particular stream of malicious code being used in this way is. Merchants using Magento or WooCommerce sites are at high risk right now, although other food and retail merchants have also become victim to this attack.
Instead of seeing the 404 error page, the customer sees what looks to be a legitimate web page, with a form where they would usually enter their sensitive information like credit card details. Once entered, users see a fake “session timeout” error. What also makes this particular attack tricky is that it is hard to identify by cybersecurity tools. This article from Bleeping Computer shows the code and how it can be hidden within already existing scripts, or disgused as a Meta Pixel code snippet: https://www.bleepingcomputer.com/news/security/hackers-modify-online-stores-404-pages-to-steal-credit-cards/
But let’s back up a little bit and go back to the basics – how does all of this even work?
What is Card Skimming?
Card skimming, often associated with the Magecart group, involves malicious actors inserting snippets of code into a website’s payment or checkout pages. These code snippets are designed to capture sensitive information, such as credit card numbers and personal data, entered by unsuspecting visitors.
Typically, when an online shopper submits their payment information, the skimming script intercepts the data and sends it to a remote server controlled by the attackers. The victim remains unaware that their information has been compromised. Such attacks have been the focus of cybersecurity experts for years, with numerous high-profile data breaches attributed to Magecart and similar groups.
The 404 Page Twist
Traditionally, card skimming attacks have targeted shopping carts, product pages, and payment gateways. However, cybercriminals are constantly seeking new ways to bypass security measures and fly under the radar. The recent rise of attacks on website 404 error pages is indicative of this trend.
When a user encounters a 404 error page, it often means that the requested page or resource does not exist or has been moved (leaving the original link broken). While this might seem like an unlikely place for an attack, it provides several advantages to hackers:
Lower Visibility
We’ve all encountered these error pages, right? Most users dismiss them as a minor inconvenience and continue browsing. This means the malicious script can run undetected for longer periods.
Reduced Monitoring
404 pages may not receive the same level of scrutiny as payment or checkout pages, making them a tempting target for attackers.
Stealthy Execution
The script can be injected into the error page’s code without raising immediate suspicion. Hackers can often gain easy access to 404 pages as they are more vulnerable due to being less frequently monitored.
The implications of card skimming attacks on 404 pages are alarming:
Data Breaches
Attackers can collect sensitive information from users who believe they’ve simply landing on a 404 page, leading to data breaches that can result in financial losses and identity theft.
Erosion of Trust
Such attacks erode users’ trust in online platforms, as they can’t be certain about the safety of their data even on seemingly benign pages.
Reputation Damage
Website owners can suffer significant reputational damage, especially if the attack goes undetected for an extended period, impacting user confidence in their platform.
Legal Consequences
In many jurisdictions, data breaches carry significant legal consequences. Website owners could face lawsuits, penalties, or regulatory actions if they fail to protect their users’ data.
Protecting Your Website
Given the rise of card skimming attacks on 404 pages, it’s crucial for website administrators to take proactive steps to safeguard their platforms and users. Here are some best practices to consider:
Regular Audits
Conduct regular security audits of your website, including 404 pages, to identify vulnerabilities and unauthorized code.
Content Security Policy (CSP)
Implement a CSP to control which external resources can be loaded and executed on your site. This can help prevent unauthorized scripts from running.
Regularly Monitor Traffic
Keep a close eye on website traffic, especially on error pages. Unusual patterns or unexpected data transfers may indicate an attack.
Keep Software Updated
Ensure that all software, including content management systems and plugins, are up to date to minimize vulnerabilities.
Security Scanning Tools
Use automated security scanning tools to identify and eliminate malicious code on your website.
User Education
Educate your users about online security, advising them to be cautious even when encountering a 404 error page.
Data Encryption
Implement robust encryption mechanisms to protect sensitive data in transit and at rest.
The recent rise of card skimming attacks on website 404 pages underscores the relentless creativity and adaptability of cybercriminals. They are exploiting the vulnerabilities in seemingly harmless error pages to steal sensitive information from unsuspecting users. Website administrators and owners must remain vigilant, regularly update their security measures, and educate their users to mitigate these risks. In an era where online trust is paramount, protecting your website and your users from card skimming attacks is not just a matter of cybersecurity but also one of maintaining reputation and trust.
