Threat Actors Ramp Up Skimming Attacks On Online Shopping Sites

Published: January 20, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



It seems as if we’ve entered a zone where online shopping is the only option for some things. Well, of course, that will increase the number of online shopping threats that we may run across while using our fingers and a keyboard to get the items we want or need. Unfortunately, threat actors are capitalizing on this fact. Recently, some websites have been detected that have skimming technology implemented in order to steal payment details for several online shopping sites.


The attackers have been using Magecart, which involves the injection of malicious code on target sites. Some of the websites that are known to have been compromised are:

  • whitemountainshoes.com – Shoes and footwear

  • goldboutique.com – Jewelry

  • nafnaf.com – Fashion apparel

  • proaudiostar.com – Professional audio equipment

  • truebrands.com – Professional beverage accessories

  • loudmouth.com – Clothing and special apparel



The actors have managed to leave the skimmers online for months, in some cases, stealing loads of data. The code that’s been inserted can steal the payment card number, cardholder name, addresses, and CVV numbers. Then all that information gets sent off to the attackers. It may get used right away, may also be held for a while to eliminate suspicion, or even get sold off on the dark web.


Analysts at Akamai actually discovered this when they found a gaming site, SCUF Gaming International had been attacked in the same manner. That one resulted in financial details of 32,000 people being compromised. After more digging, they found the above sites had the same skimming technology, as well as other sites. They correlated it with Alexa rankings and found that the lower the Alexa ranking number, the longer the skimmer could remain undetected and therefore, grab more information. If the attackers were discovered, they’d pull up stakes on that website and move on.


Consumers who take part in online shopping, regardless of the time of year, should take steps to increase their own security.


  • Use an up-to-date internet security solution (anti-virus).

  • Pay with electronic methods instead of debit cards, such as Apple Pay or Google Pay.

  • Pay with cash, if possible.

  • Use only reputable sites.

  • Avoid clicking on advertisements seen on your screens. Go directly to the website by carefully typing in the retailer’s name.

  • Triple check the URL before hitting the enter or return key to ensure there are no typos.

  • If you frequently shop at a website, bookmark it and use that to get there every time you need some retail therapy.


If you have recently bought anything using your credit card from the websites above, you should check your charges for potential fraud. If you find anything questionable, call your bank to report it and request a card replacement. The sooner you do this, the less expensive for everyone.


Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com


3 views0 comments