‘Web Skimming’ Scams Are Targeting Online Shoppers—Here’s How to Protect Your Money

If you love shopping online, you’ll want to take note: Scammers are targeting customers and businesses everywhere in a type of fraud called web skimming. This sophisticated cyber scheme often slips under the radar, but it can lead to serious financial losses. One of the best ways to protect yourself is by simply knowing how it works and the steps that can minimize any damage. Keep reading to learn what you can do to outsmart web skimming the next time you make an online purchase.

What is web skimming?

You may have heard of skimming before, which is when criminals steal data from payment cards using hidden devices. But now there’s a digital version that’s raising alarm bells: web skimming.

It’s similar to the original type of fraud, but there’s a more advanced twist. Instead of hidden devices on physical ATMs and card readers, scammers use malicious codes on online checkout pages. Because the codes are undetectable to customers, shoppers don’t know they’ve been victimized until after their card information is stolen.

Now, researchers are trying to investigate a criminal network that has been launching web skimming attacks on business pages that use major payment providers, reports Fox News.

The payment networks that have been impacted:

• American Express
• Diners Club
• Discover (a subsidiary of Capital One)
• JCB Co., Ltd.
• Mastercard
• UnionPay

Until they can catch those responsible, the best thing for you to do is know exactly how this scam works and take steps to protect yourself.

Life

Mail Theft Check Fraud Is Surging—Here’s How to Protect Yourself

Though only 61% of Americans wrote a check in the last year according to a 2024 survey, officials are still warning people about crime trends related to paper checks. It’s easy to see why; two men in Michigan were recently charged for stealing checks believed to be worth more than $1 million in total. Wondering […]

How web skimming works (and why it’s so hard to detect)

Criminal groups (known in cybersecurity circles as “magecarts”) secretly add malicious code into a store’s checkout page using Javascript. This web language is incredibly common for legitimate business websites because it’s interactive and allows for features like payment forms and buttons.

What makes these codes particularly dangerous? Even a business may not know they’ve been attacked, as fraudsters take several steps to keep the code from being detected. Some of these web skimming codes are so sophisticated they can “disappear” when an administrative user is online.

Others find success by working with sketchy web hosting providers who allow the criminals to continue to operate—even when legitimate businesses file a report to try to get these skimming codes removed.

Once they install the skimmers into the checkout page of a business, the danger starts. The checkout process for customers will run seamlessly, but the crime is being committed quietly behind the scenes. The code copies the card numbers, expiration dates, billing details and security codes that the shopper enters.

You then won’t realize you’ve been victimized until you see unusual activity on your card or in your bank account. But if you’ve made several online transactions recently, you may not even know where the crime took place, which can make it more difficult to resolve the issue.

Life

Worst Scams Ever Revealed: Protect Yourself With These Tips

Now more than ever, it seems like we’re being targeted in a scam on a regular basis. While it can be overwhelming to keep track of what’s real and what isn’t, a great starting place is having the knowledge of the scams that are particularly common and dangerous. We asked Abhishek Karnik, head of threat […]

Your action plan to outsmart web skimmers

For most scams, experts advise staying alert for red flags that can indicate you are being targeted. But things get tricky here; the hidden nature of web skimming means you likely won’t even be able to tell you’re at risk of having your information stolen. But don’t worry—there are powerful steps you can take to protect your payment information before criminals ever get close.

While taking this step can make checkout faster in the future, it can lead to compromised information down the road, warns Security Quotient. Even if a site is not currently under a web skimming attack, it could happen eventually, giving the criminals quick access to your pre-saved payment information.

Consider skipping browser autofill

Just like saving payment details, autofill settings can share your payment details. Instead, turn off this feature for any payment forms you may be filling out.

Regularly clear browser cookies

By clearing out cookies and cache on the browser you use, you can minimize any tracking that may happen from third party web scripts that could be designed for skimming.

Use single-use or virtual cards to pay online

These digital card numbers are linked to your real debit or credit account but don’t show the actual number. Another perk? They are one-time use only! You will usually find these available in major banking and credit card apps or through mobile wallet apps like Google Pay or Apple Pay.

Deal of the Day

This Deep Conditioning Collagen Hair Mask for Has 4.9 Stars and Is 80% Off — Get It for $20! View Deal

Want even more protection? Add these smart habits to your routine:

• Keep your browser and operating system updated
• Monitor bank accounts frequently and set up alerts for suspicious activity
• Shop only on trusted websites
• Check for HTTPS in the URL before making any purchase

If you do suspect your card has been web skimmed, you’ll want to freeze the account immediately and report it to your bank or credit card company. This will give you a chance to dispute any fraudulent charges and get a new card.

The bottom line: While web skimming attacks are nearly invisible, you’re not powerless. Armed with these smart strategies, you can shop online with confidence.