It is generally not possible to avoid by the average consumer as they take place on vulnerable e-commerce websites with code injected into payment portals to skim and steal card data input by customers. Past victims of Magecart groups include British Airways, Newegg, Macy’s, Ticketmaster, and Boom! Mobile.
Cybercriminals who steal financial services credentials through phishing and fraudulent websites, who eavesdrop on your transactions through Man-in-The-Middle (MiTM) attacks, or who utilize card-skimming malware, can steal these details when they are not secured. Once this information has been obtained, unauthorized transactions can be made, clone credit cards can be created, or this data may be sold to others on the Dark Web.
When it comes to Magecart attacks, everyone is at risk. No industries are spared, and the Magecart victim list reads like a who’s who of some of the world’s leading brands. Magecart attacks target all kinds of businesses of all sizes and segments, and with increasingly complex methods.
Let’s have a look at some high profile examples:
- One of the giant spikes in Magecart attacks came in 2018 when Ticketmaster announced that payment information had been stolen from their websites. The breach resulted from Magecart operatives placing skimmers on checkout pages through third-party suppliers. They also attacked third parties themselves, which gave the scammers access to over 800 ecommerce sites.
- Websites of 8 US cities were compromised by Magecart card detail-skimming software. The skimmers targeted payments made through Click2Gov (a self-service portal used to pay utility bills and parking fees). In this case, attackers were collecting credit card details along with names and contact addresses.
- Airline giant British Airways was targeted by a Magecart attack in 2018, and the data of nearly 400,000 customers was breached. The Magecart attack affected payments on the main site and mobile app between August 21st, 2018, and September 5th, 2018. As a result, British Airways had to pay a record-high £183m GDPR fine after failing to prevent the attack.
- Magecart has also targeted the magazine industry with an attack on Forbes. This time, attackers injected web-skimming scripts into the subscription website for the Forbes print magazine. Customers thought they were signing up to get Forbes delivered to their door but were instead delivering their sensitive information straight into the hands of hackers.
- This is just a handful of examples that illustrate the extent and potential devastation of a Magecart attack. And with the increase in online shopping, they’re showing no signs of slowing down.
With ProtectIQ™ included with the CentraWiFi Blast router, you will receive the internet security you need. It monitors devices connected to the network and blocks any attempts to visit websites that are known to be malicious. When one of these websites is blocked, users will see a message in their browsers indicating that the website is not available or that the connection was terminated. ProtectIQ is a network-level security application that works quietly in the background and proactively keeps malicious websites, viruses, and intrusion away from your home 24x7.
The CentraWiFi Blast Router includes ProtectIQ™ which gives you the internet security you need. ProtectIQ™ is a network-level security application that works quietly in the background and proactively keeps malicious websites, viruses, and intrusion away from your home 24x7. ProtectIQ™ was awarded the 2022 Global InfoSec Best in Anti-Phishing, Network Security & Management system.