KrebsOnSecurity is reporting on a new scam that uses unrenewed domains to steal credit card data. If you own a domain name that gets decent traffic and you fail to pay its annual renewal fee, chances are this mistake will be costly for you and for others. Lately, neglected domains have been getting scooped up by crooks who use them to set up fake e-commerce sites that steal credit card details from unwary shoppers.
How they do it:
According to an in-depth report jointly released today by security firms Flashpoint and RiskIQ, the sites are almost certainly set up simply to siphon payment card data from unwary shoppers looking for specific designer footwear and other clothing at bargain basement prices.
“We have observed more than 800 sites hosting these brand impersonation/skimming stores since June 2018,” the report notes.
“This group’s strategy appears rather simple: the perpetrators set up a large number of stores impersonating as many popular brands as possible and drive traffic to these fake stores with a variety of methods,” the report continues. “Some visitors will attempt to make purchases, entering their payment information into the payment form where the skimmer copies it and sends it to a drop server. The payment page even displays badges from various security companies in order to appear more legitimate.”
The report tracks the work of Magecart — the name given to a collective of at least seven cybercrime groups involved in hacking Web sites to steal payment card data.
This is the deepest publicly reported look into the Magecart operations and an important exposé of the activities of one of the most dangerous and profitable cybercrime outfits operating in the underground today.