The NCSC (National Cyber Security Centre) based in the United Kingdom has issued a warning to the owners of over 4,000 online retailers that their sites had been penetrated in Magecart attacks (also known as digital skimming, web skimming, or e-Skimming) to steal consumers’ financial information. The attackers will then leverage this information for different financial and identity theft fraud operations, or sell it on hacking or carding forums to the highest bidder.
According to the UK cybersecurity organization, the National Cyber Security Centre, which is part of GCHQ, proactively discovered 4,151 hacked online businesses and warned companies of these security flaws until the end of September. The NCSC found that the bulk of the online companies used for skimming had been affected by a known vulnerability in Magento, a substantial e-commerce platform.
After finding the infected e-commerce sites through its Active Cyber Defence program in April 2020, NCSC issued warnings to site owners and small and medium-sized enterprises (SMEs). Magento — and any other software used by affected online merchants — should be kept up to date to prevent attackers from breaching their servers and compromising their online stores and customers’ information during Cyber Monday and Black Friday.
Individuals and families who wish to purchase online safely should only shop on trustworthy online retailers, use credit cards for online payments, and be wary of suspicious emails and text messages with offers sounding too good to be true, according to the guidance provided by the agency.
According to Steve Barclay, Chancellor of the Duchy of Lancaster, hackers would be out on Black Friday and Cyber Monday to steal buyers’ money and ruin businesses’ reputations by turning their websites into cyber traps. With more businesses going online, it’s vital to secure your company and your consumers by following the National Cyber Security Centre’s and British Retail Consortium’s recommendations.