Europol identifies hundreds of e-commerce platforms used in digital skimming attacks

Europol joined law enforcement agencies from 17 countries to warn 443 online sellers that their customers’ payment card data had been compromised.

In a press release issued Friday, the agency said the two-month operation was led by Greece and supported by cybersecurity companies. Group-IB and Sansec, two companies experienced in monitoring digital skimming attacks.

In skimming attacks, hackers embed tools or malware on e-commerce sites that allow them to siphon credit card information from online stores during the checkout process. The tactic has It’s been a problem for a long time for popular internet sellers.

With the help of several incident response teams and the European Union Agency for Cybersecurity (ENISA), hundreds of anonymous websites were informed that they were being used by hackers for attacks. digital skimming.

“Digital hijacking attacks can go unnoticed for a long time. Payment or credit card information stolen as a result of these criminal acts is often offered for sale on illicit darknet markets,” Europol said.

“Customers typically don’t realize their payment information has been compromised until criminals have already used it to make an unauthorized transaction. In general, it is difficult for customers to find a compromise. »

All law enforcement agencies worked with online stores, providing technical assistance to help them remove the tools and protect customers.

Countries involved in this effort included the United States, the United Kingdom, Germany, Colombia, Spain, the Netherlands, and many more.

The payment fraud industry has shown signs of recovery following Russian law enforcement’s crackdown on domestic cybercriminals and Russia’s invasion of Ukraine in 2022, according to a report. annual payment fraud report from Recorded Future, owner of The Record.

Researchers found 119 million cards listed for sale on Dark Web card stores, with an estimated $9.4 billion in preventable fraud losses for card issuers and $35 billion in potential chargeback fees for traders and buyers in 2023.

In 2022, e-skimmers led to the compromise of 45.6 million payment card records offered for sale on dark web platforms, according to last year’s report.

The type of stores equipped with e-skimmers in 2023 included restaurants – which accounted for 18.5% of all victimized businesses – auto parts sellers, clothing stores, and more.

The United States had the largest number of cards available, with more than 50 million on the dark web. No other region or country tracked had more than 2.5 million.

“By 2024, fraudsters are expected to refine their tactics, continuing to compromise cards using both old and new methods. Payment cards stolen from North American and European financial institutions accounted for the largest volume throughout 2023 and are expected to persist into 2024.

“The report concludes that in 2024, fraudsters will likely combine sophisticated technical solutions, nuanced workflows, and social engineering tactics to circumvent rules-based fraud detection. »

Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.