Since the Wuhan Virus pandemic, many businesses have added on-line capabilities to their customer’s shopping experience and working online. Unfortunately, since this is a new opportunity, shop owners and businesses may be using website developers (many who are recently trained and opened shop to serve this burgeoning new market), need to be equipped with the knowledge and skills necessary to make everything secure.
A Picture is Worth a Thousand Words and Millions of Dollars in Credit Card Fraud
This includes everything from the website, shopping-cart software, merchant provider and even the pictures (whose data can be altered to web skim credit cards)!
These are serious risks with dire consequences from many perspectives. Stealing of client’s personal and financial data, causing harm to the system and client, supplier’s and other connected items with malware and ransomware.
Cyber-criminals are using the increase in online shopping to conduct cyber-attacks, such as “Magecart” attacks, in which a web skimmer is used to steal payment card information while evading detection. Malwarebytes Lab discovered a new steganography technique in which skimming code is injected and hidden inside an image file that is will compromise online stores and exfiltrate credit card data.
Photographers and graphic designers should use techniques like steganography to encrypt their clients images. Speak to your website developer and photographer/designer for assurances of protection. Insist that your providers apply the highest level of risk management that your insurance company requires, as it is your responsibility for any liabilities and fines, not theirs. The hackers append extraneous code to a legitimate script hosted by the merchant and loads a bogus favicon file that typically uses the “Copyright” metadata field to load the web skimmer. Online stores running the WooCommerce plugin for WordPress are increasingly targeted due to its large market share, however other cart software has also been successfully targeted. Web scripts are open source so any website is a potential target. Websites should be encrypted so that source code cannot be seen. Here is a screenshot (courtesy of Malwarebytes) of an unencrypted image, showing the malicious code injected into the copyright field:
Administrators must block access to sensitive information entered into web forms and stored cookies. It actually it is better to make purchases with credit cards when shopping online as they often have better consumer fraud protections than debit cards, which are monitored by your bank and you can opt-in for purchase notifications by text, phone or email.
Wishing you great success in your online efforts,