Online stores may not be as secure as you think

Credit card skimming is on the rise for the holiday shopping season, according to Malwarebytes.

Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information in order to buy anything. When a merchant website is hacked, any purchase made has the potential of being intercepted by bad actors. Often, the malicious code is right underneath the surface and yet completely invisible to shoppers.

Malvertising poses increased risk this holiday season

The report details a specific credit card skimming operation, the Kritec campaign, which specializes in crafting very realistic payment templates with convincing language localization that has compromised hundreds of websites.

Malwarebytes threat researchers tracked a 50% increase month-over-month in the US since September in newly registered domains attributed to Kritec, demonstrating a huge uptick in both compromised sites and opportunity for innocent shoppers to fall victim.

“Embrace the magic of the holidays (and the season’s cyber deals), but don’t forget to safeguard your digital gifts,” warns Jérôme Segura, senior director of threat research, Malwarebytes. “Whether shopping online or booking your experience with Santa, be aware that cybercriminals have laid the groundwork to take advantage of the holiday shopping season via both obvious and very subtle avenues.”

Another risk to shoppers this holiday season is malvertising – online ads that deliver scams or install malware. This type of fraud is on the rise in both volume of malicious ads and the sophistication behind them. Over the past two months, Malwarebytes has tracked a 42% increase month-over-month in malvertising incidents in the US, pointing to an alarming trend.

Recent research reveals malicious campaigns carried out in online ads via Google searches, some impersonating big-name brands and scams targeting online tech support for Windows users.

For many online scams, it is near impossible for an individual, even a highly skilled one, to know when they’re using a website that includes a third-party component compromised by criminal hackers or operated by a company prepared to bend the rules at the expense of the user’s privacy and security.

Tips for safer online shopping

Avoid clicking on sponsored ads: Conduct a direct search for your retailer of choice to avoid falling prey to prevalent malvertising tactics which have been known to spoof even huge, reputable brands such as Amazon.

Check that copyright: Avoid inputting any payment information into websites that don’t look like they’ve been maintained for a while. Red flags include outdated visuals and old copyright stamps.

Consider a password manager and MFA: With every site requiring a password these days, leverage a password manager to protect your payment information and set up multi-factor authentication where available.

Keep an eye on your financial statements: An uptick in online shopping deserves an uptick in your vigilance for checking online bank and credit card statements. Flag anything that seems suspicious for quick resolution.

Run an antivirus solution: Most antivirus products offer some kind of web protection that detects malicious domains and IP addresses.