Malwarebytes Labs Reveals 50% Uptick in Credit Card Skimming in Advance of the Holiday Shopping Season - Dark Reading
2023-11-15 05:04 (EST) - Eric Noonan
PRESS RELEASE
SANTA CLARA, Calif.,Nov. 14, 2023/PRNewswire/ -- Malwarebytes, a global leader in real-time cyber protection, today released new threat research revealing credit card skimming is on the rise for the holiday shopping season. The report details a specific credit card skimming operation, the Kritec campaign, which specializes in crafting very realistic payment templates with convincing language localization that has compromised hundreds of websites. Malwarebytes threat researchers tracked a 50% increase month-over-month in the US since September in newly registered domains attributed to Kritec, demonstrating a huge uptick in both compromised sites and opportunity for innocent shoppers to fall victim.
"Embrace the magic of the holidays (and the seasons cyber deals), but dont forget to safeguard your digital gifts," warns Jérôme Segura, senior director of threat research, Malwarebytes. "Whether shopping online or booking your experience with Santa, be aware that cybercriminals have laid the groundwork to take advantage of the holiday shopping season via both obvious and very subtle avenues."
Another risk to shoppers this holiday season is malvertising – online ads that deliver scams or install malware. This type of fraud is on the rise in both volume of malicious ads and the sophistication behind them. Over the past two months, Malwarebytes has tracked a 42% increase month-over-month in malvertising incidents in the US, pointing to an alarming trend. Recent research reveals malicious campaigns carried out in online ads via Google searches, some impersonating big-name brands and scams targeting online tech support for Windows users.
Online Shopping Tips
For many online scams, it is near impossible for an individual, even a highly skilled one, to know when theyre using a website that includes a third-party component compromised by criminal hackers or operated by a company prepared to bend the rules at the expense of the users privacy and security. Here are a few tips for safer shopping.
Avoid clicking on sponsored ads: Conduct a direct search for your retailer of choice to avoid falling prey to prevalent malvertising tactics which have been known to spoof even huge, reputable brands such as Amazon.
Conduct a direct search for your retailer of choice to avoid falling prey to prevalent malvertising tactics which have been known to spoof even huge, reputable brands such as Amazon. Check that copyright: Avoid inputting any payment information into websites that dont look like theyve been maintained for a while. Red flags include outdated visuals and old copyright stamps.
Avoid inputting any payment information into websites that dont look like theyve been maintained for a while. Red flags include outdated visuals and old copyright stamps. Consider a Password Manager and MFA: With every site requiring a password these days, leverage a password manager to protect your payment information and set up multi-factor authentication where available.
With every site requiring a password these days, leverage a password manager to protect your payment information and set up multi-factor authentication where available. Keep an eye on your financial statements : An uptick in online shopping deserves an uptick in your vigilance for checking online bank and credit card statements. Flag anything that seems suspicious for quick resolution.
: An uptick in online shopping deserves an uptick in your vigilance for checking online bank and credit card statements. Flag anything that seems suspicious for quick resolution. Run an antivirus solution: Most antivirus products offer some kind of web protection that detects malicious domains and IP addresses. Malwarebytes Premium offers web protection and is complemented by the Malwarebytes Browser Guard extension for more advanced in-browser detection.
Most antivirus products offer some kind of web protection that detects malicious domains and IP addresses. Malwarebytes Premium offers web protection and is complemented by the Malwarebytes Browser Guard extension for more advanced in-browser detection. Use Malwarebytes Browser Guard: A free browser extension for Chrome, Edge, Firefox and Safari that blocks unwanted and unsafe content, giving users a safer and faster browsing experience. It stops users from going onto phishing sites, entering information into unsafe domains and downloading malware. It also blocks web trojans.
Malwarebytes Browser Guard Updates
With the holiday shopping period right around the corner, Malwarebytes has made additional enhancements to its Browser Guard plug-in, including:
Improved Protection: Stopping even more threats with enhanced phishing detection.
Stopping even more threats with enhanced phishing detection. New Scanning Blocks: Prevents websites from scanning for vulnerable network ports.
Prevents websites from scanning for vulnerable network ports. Facebook Support: Added ability to block ads and sponsored content from appearing on Facebook feeds.
Added ability to block ads and sponsored content from appearing on Facebook feeds. Monthly Overview: A new monthly summary showcases whats been blocked.
Malwarebytes Premium (for Windows) users can unwrap additional functionalities in Browser Guard, including:
Content Control: Dials up control of the browsing experience so users can define whats appropriate and fully customize what content to block while surfing.
Dials up control of the browsing experience so users can define whats appropriate and fully customize what content to block while surfing. Import and Export: New feature that allows users to transfer Browser Guard settings across all their browsers and devices.
New feature that allows users to transfer Browser Guard settings across all their browsers and devices. Historical Detection Statistics: Users can learn more about past detections and what threats users have avoided.
To read more about the latest threats and cyber protection strategies, visit our blog, or follow us on Facebook, Instagram, LinkedIn, TikTok and Twitter.
About Malwarebytes
Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. Built on decades of experience as the last resort to find and eradicate the latest malware, Malwarebytes is now trusted by millions of individuals and organizations to stop threats at each stage of the attack lifecycle, secure digital identities and safeguard data and privacy. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.
