Introduction
Online shopping has become extremely popular in recent years. The convenience of being able to purchase almost anything with just a few clicks is undeniable. However, as ecommerce continues to grow, so too do the threats targeting shoppers’ data. I recently learned about a concerning new trend called Magecart skimming, which affects ecommerce sites of all sizes. As an online shopper, I wanted to understand this threat better to protect my information. In this article, I will explain what Magecart skimmers are, provide some background, outline the risks, and suggest ways shoppers can stay safe when shopping online.
What are Magecart Skimmers?
Magecart skimmers are malicious snippets of code secretly inserted into ecommerce websites to steal customers’ payment card information. The skimmers sit quietly in the background recording data entered into checkout forms on compromised sites.
Specifically, Magecart skimmers target payment form fields during checkout to grab credit card numbers, names, addresses, and other sensitive details. The stolen data is then exfiltrated to servers controlled by the Magecart group to be sold on dark web marketplaces.
A Brief History of Magecart Groups
Magecart skimming attacks first emerged around 2015. Since then, various hacker groups have adopted the Magecart name while carrying out these online skimming campaigns. There are believed to be at least 12 distinct Magecart groups currently active, including Magecart Group 4, Magecart Group 6, and others.
These cybercriminal groups do not work together. They compete to compromise as many sites as possible using their own custom skimming code. Some of the more active groups include:
-
Magecart Group 4 – First identified in 2015. Known for using highly obfuscated skimmer code making detection difficult.
-
Magecart Group 6 – One of the most active groups as of 2019. Targets vulnerable Magento ecommerce sites in particular.
-
Magecart Group 7 – Emerging in 2018. Known for using very stealthy skimmers hidden in image files on victim sites.
Scale of the Problem
Magecart skimming attacks were once limited to smaller sites, but have expanded significantly in scale in recent years. All types of ecommerce sites are now targeted, including large merchants like British Airways, Newegg, and Ticketmaster.
In 2018, British Airways disclosed that Magecart skimmers on its payments page affected hundreds of thousands of customers. The following year, online security research Magecart revealed finding skimmers on nearly 200 ecommerce sites, including dozens of the Alexa top 100,000.
Research suggests Magecart skimmers may now be present on hundreds of thousands of sites globally. The exact number of victims is difficult to pinpoint as discovery often relies on third-party reporting. However, the scale makes Magecart one of the biggest threats to ecommerce and shopper data today.
Risks to Shoppers
As an online shopper, a Magecart skimmer on my favorite ecommerce site puts my sensitive information at huge risk. If I enter my payment details into a compromised checkout page, the skimmer could steal:
- Credit card number
- Card expiration date
- CVV security code
- My name and billing address
With this data, fraudsters can make unauthorized purchases, clone cards for physical transactions, or sell the details on dark web marketplaces. I could face credit card fraud, identity theft, account compromise, and other headaches.
Worse, I likely wouldn’t even know the site I shopped on was infected until it was too late. Magecart skimmers are designed to operate secretly in the background without interrupting the normal shopping process.
How to Stay Safe from Magecart Skimmers
While Magecart skimming poses serious risks, there are steps I can take as a shopper to reduce my chances of being impacted:
-
Use credit cards (not debit cards) – Credit cards have stronger fraud protections making it easier to dispute unauthorized charges.
-
Monitor statements closely – Review transactions regularly and report any suspicious charges promptly.
-
Avoid sites with mixed content warnings – These warnings could indicate malicious activity on the site.
-
Use antivirus software – Up-to-date antivirus can sometimes detect hidden skimmers on infected sites.
-
Limit use of public Wi-Fi – Public networks make it easier for skimmers to intercept entered data.
-
Consider virtual credit cards – Services like Privacy.com let you generate virtual card numbers for online purchases as an added layer of protection.
The Future of Magecart Defense
Magecart skimming remains an evolving threat, but there are ongoing efforts to combat these attacks:
-
Ecommerce platforms are releasing patches and tools to scan for skimmers.
-
Web hosting providers have increased scrutiny looking for signs of compromise.
-
Cybersecurity researchers actively monitor sites and report skimmers through trusted channels when found.
-
Merchants are deploying added defenses like web application firewalls to block skimming attempts.
While Magecart groups will continue developing new techniques, awareness and collaboration between the security industry, merchants, and shoppers is key to disrupting skimming operations and keeping our data safe.
Conclusion
Magecart skimming is a serious threat facing all online shoppers today. Sophisticated cybercriminal groups are compromising ecommerce sites to steal payment card details from customers during checkout. However, by understanding the nature of Magecart attacks, I can take proactive steps to reduce my risks online. While hackers may get more advanced, vigilance and safe browsing habits will go a long way in protecting my sensitive information from compromise through Magecart skimming.
