What do online shops need to know about the Magecart groups?
Online shop operators may find themselves busy as consumers surge this coming holiday season. However, they should also be aware that they can be the next target of groups of cybercriminals that steal credit card data and sell it in the deep web.
Magecart groups infiltrate online shops to steal credit card data
In a recent joint report of RiskIQ and Flashpoint, Magecart is allegedly responsible for the recent e-commerce breaches involving big companies. “Magecart” is a term used to collectively identify the seven groups of cybercriminals that steal sensitive data from online shops.
How does Magecart work to steal credit card data?
Aside from simply selling the data into the deep web, these cybercriminals would use stolen credit card data to purchase any products and ship them to “mules” from the U.S. who will be instructed to re-ship them to Eastern Europe where they will be sold by cybercriminals. There’s also a cybercriminal group that profits from small and medium e-commerce sites by planting cryptomining scripts. Such scripts are often short enough to be noticed.
IT and security experts are still determining the success rate of Magecart that’s responsible for breaching British Airways, Newegg, and Ticketmaster where they’ve collected thousands of credit card data.
What can online shop owners do to fight Magecart?
Online shop operators should do something to protect their consumers who shop online with a credit card instead of an online account. Although it’s highly advisable that online entrepreneurs integrate a reliable third-party payment gateway, security expert Malwarebytes Labs suggests using NoScript or any browser plug-in to prevent rogue sites from loading digital skimmers to a website.