Global security firm Sucuri has uncovered a new phishing technique which plants malicious code on authentic e-commerce checkout pages and payment modules.
Phishing attacks online have typically taken the form of either site hijacking to infect a payment platform and log users’ credit card details, or site imitation where fake modules collect login and payment details. Now, the Sucuri team suggests in a blog post that attackers have devised a new way to combine these traditional phishing tactics, creating a technique which is virtually undetectable to the consumer and even to security solutions.
The security researchers have discovered the new technique across a number online stores which run WordPress WooCommerce and Prestashop.
As well as checkout page phishing, Sucuri detected payment modules, such as PayPal’s, hosted on criminal servers. While this attack had only been seen on a few sites, it is expected to be present across a large number of online portals as it is extremely hard to flag.
Sucuri’s Denis Sinegubko, commented in the blog post that the attacks are particularly successful as the consumer tends to feel safe once at this stage of the shopping process, after logging in, setting up order details and spending so much time on the actual site.
‘Since victims are already in shopping mode and ready to enter their credit card number anyway, this phishing attempt may be more successful than classical tricks that distract victims from their tasks and ask to do something else instead. As a result, your credit card details will be stolen and the e-commerce site owner will lose the sale,’ he said.