Criminals will look for any possible weaknesses to make money. Using donation-based events to harvest credit card information is one possible approach.
Consumers and corporations making donations to fight the Australian bushfires have been put at risk. A Magecart attack allowed criminals to install a credit card skimmer on a donation site’s checkout page.
The Risk of Donating With a Credit Card
What is happening in Australia with the bushfires is absolutely horrifying. A lot of people want to contribute whatever money they can spare for a good cause. Those efforts deserve to be applauded first and foremost.
Some criminals, however, see this as a golden opportunity to steal credit card information.
Various online platforms set up a donation page. Consumers can then pay by credit or debit card to complete their contribution.
One legitimate website saw this approach backfire fairly quickly. Running an outdated version of the Magento Content Management System is never a smart idea.
Due to this website using an older version, it was open to Magento exploits. Criminals leveraged one of these weaknesses to modify the website’s code.
As such, they can collect credit card data, including card numbers, CVV, expiry date, and the name on the card. The billing address and other personal information are also at risk.
This highlights the problem with donations through a debit or credit card. Consumers need to rely on the website owner to keep their scripts up to date. Failure to do so can potentially expose thousands of people to payment card fraud.
The Magecart Attack Vectors
Magento is one of the most targeted CMS among criminals. It is widely used, but also contains loopholes in outdated versions. By injecting the site with malware, the skimming of credit card information became very straightforward.
It is unlikely that this donation site is targeted specifically. Instead, it is likely the victim of an automated attack. A worrisome thought, and a strong warning to all site owners using older versions of Magento.
It appears that this particular Magecart script is not unique to this site. Researchers confirm it is present on dozens of other platforms.While site owners can easily remove it, this usually doesn’t happen overnight.