Kaspersky researchers found a new fraudulent technique that steals online payment details

Tuesday 23 June 2020 12:37 CET | News

Kaspersky researchers have uncovered a new technique for stealing users’ payment information on online shopping websites, dubbed web skimming.

By registering for Google Analytics accounts and injecting these accounts’ tracking code into the websites’ source code, attackers can collect users’ credit card details. Web skimming is a popular practice used by attackers to steal users’ credit card details from the payment pages of online stores, whereby attackers inject pieces of code into the source code of the website. This malicious code then collects the data inputted by visitors to the site (i.e. payment account logins or credit card numbers) and sends the harvested data to the address specified by attackers in the malicious code.

Kaspersky researchers have discovered a previously unknown technique for conducting web skimming attacks. Rather than redirecting the data to third-party sources, they redirected it to official Google Analytics accounts. This means that once the attackers registered their accounts on Google Analytics, all they had to do was configure the accounts’ tracking parameters to receive a tracking ID. They then injected the malicious code along with the tracking ID into the webpage’s source code, allowing them to collect data about visitors and have it sent directly to their Google Analytics accounts.

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords:	Kaspersky, researchers, fraudulent technique, online shoppers, payment details, web analytics, fraud, credit cards, accounts, iD, skimming attacks, payment account logins, malicious code
Categories:	Fraud & Financial Crime
Companies:
Countries:	World

This article is part of category

Fraud & Financial Crime

::: more

Free Headlines	::: subscribe now
RSS	::: follow ThePaypers via RSS ::: connect
LinkedIn	::: connect with ThePaypers on LinkedIn ::: connect
Twitter	::: follow ThePaypers on Twitter ::: follow
Facebook	::: like ThePaypers on Facebook ::: like

Kaspersky researchers found a new fraudulent technique that steals online payment details

Free Headlines in your E-mail

Fraud & Financial Crime

Voice of the Industry

Influence to income: the rise of social commerce in the TikTok era

Money20/20 Europe 2025: the future of finance takes center stage in Amsterdam

Money does not stop at the border (Part 1)

MRC Barcelona 2025: leveraging future techs for a fraud-proof present

The hidden complexity behind card issuing and acquiring — and why it still trips up fintechs

Interviews

[Video interview] Digital banking strategies for traditional banks – Tim Rutten, Backbase

Beyond the buzz of BNPL – unveiling its true value

[Video Interview] From event vision to payment innovation: Damir Čaušević and Nikola Škorić on MoMo 2025

[Video interview] The future of banking: AI, innovation and agility – a conversation with Piotr Jelenski, ASEE Group

[Video interview] The future of crypto: an institutional perspective with Svetlana Sailer, Kraken

Industry Events

The Paypers

This Site

Contact Information

Legal Information