
Cybersecurity firm issues warning as online fraud continues to grow


    By Ellie MacDonald | Client news | 29 September, 2021

    Fuelled by the pandemic, online fraud is on the increase and website performance and cybersecurity company RapidSpike warns the trend is set to continue.

    In 2020, there were 2,417,866 cases of remote purchase fraud, up 12% year on year. This fraud occurs when a criminal uses stolen card details to buy something on the internet, over the phone or through mail order.

    Globally, as much as $35 billion in Covid-related loans may have been fraudulent and these scams involving government benefits topped the UK list according to Experian. As those programs wind down, criminals will turn their focus to traditional digital fraud schemes, taking advantage of the increase in digital traffic to exploit data stolen over the past three years.

    But how do scammers get hold of your details? RapidSpike.com CEO Gav Winter reveals the tactics they use.

    “Domain spoofing is one way hackers will try to defraud customers on a real website. This happened to British Airways when scammers managed to steal customer credit card information by infiltrating their website to send data to baways.com instead of the legitimate britishairways.com, which was also well hidden from the team. These kinds of attacks are extremely frequent, usually targeted at medium-sized businesses with smaller security teams but good revenue, but all businesses large and small are at risk.”

    In the past year, RapidSpike detected 12,500 potentially malicious hosts that were threatening the security of their clients’ websites. This is where hackers gain unauthorised website access through web skimming, formjacking and supply chain attacks.

    Gav adds: “Online criminals are constantly evolving the way they attack websites and ultimately steal customers’ details. Due to more and more businesses moving online throughout the pandemic this only gave hackers more opportunity. We predict website identity & payment theft will continue to grow over the next few years as more people get caught out. The responsibility is not only on consumers to be cautious when shopping online, but big businesses should be doing a lot more to check the security of their sites continuously, not just treating it as a box ticking exercise once a year, taking both proactive and reactive security measures. No matter how good your security is, human error can happen anytime. After all, if it can happen to brands like British Airways, it can happen to anyone.”

    Tactics used by hackers to avoid detection:

    Plugins

    In March 2020, WordPress announced that their Threat Intelligence team had discovered several vulnerabilities in ‘Popup Builder’, a WordPress plugin installed on over 100,000 sites. They explained how one vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. Plugins can be useful tools for delivering a great customer experience, making design changes and helping with workflow; however, they can also leave a website vulnerable to attacks. WordPress plugins have had multiple vulnerabilities over the years, so plugins should be minimised to a manageable level and continuously updated to patch any vulnerabilities.

    Fake Checkouts

    A key web-skimming attack method is loading a fake checkout form before the legitimate checkout page or before a PayPal page. Being presented with a second payment form is a good indication to customers that an attack has occurred; unfortunately, at that point, the customer’s payment details have already been stolen. Checkout pages carry the most valuable information on the website and should be monitored carefully. A Synthetic User monitor can continuously walk through the checkout page and alert to any new hosts found, potentially before a data breach occurs.

    Malware Under Images

    In 2020, one of the new hacking methods observed was steganography-based skimmers. The technique involves hiding code within imagery to avoid detection. Hackers hide JavaScript code in the image’s background to scrape the data needed. The Tupperware website was one victim of this style of attack, with malicious code hidden within a PNG file that activated a fraudulent payment form during the checkout process.

    Targeted Customers

    Skimmers are continuously advancing to evade detection, including by performing a search before loading a skimmer in order to target a specific type of customer. RapidSpike’s Security Researcher discovered a hyper-targeted skimmer that only loaded after some prerequisites were met. The skimmer required the user to be on a mobile phone and in landscape mode. Additionally, a check was undertaken to ensure the user was on the checkout page and did not have a developer toolbar present. Once the targeted customer had passed all the requirements, the skimmer would then load. It is therefore important that companies test their website from multiple browsers to ensure all customers receive the same experience.

    Case Study – Multi-brand U.S. Retailer

    In 2019, a U.S.-based multi-brand retailer disclosed an attack on one of their websites. The site had been infected with skimming code that stole customers’ payment data. Despite efforts to patch the vulnerabilities, they suffered numerous attacks over a two-year period.

    Approximately 9 million users visited the website in the time they were hacked.

    The multi-brand retailer contacted RapidSpike to monitor their reliability, performance and security across 15 websites plus any geographic variations. Self-service and managed User Journeys monitor user experience and security. RapidSpike security tools are used to look for configuration issues, vulnerabilities and potential exploits to find and help fix critical security issues.

    RapidSpike Magecart Attack Detection is active on all websites which have critical customer processes including checkouts and portal log-ins. This tool tracks all data sent by all hosts. Alerts are set up to immediately notify if something in the perimeter of their client-side website changes and if data is being sent somewhere untrusted.
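The new-host alerting described under Fake Checkouts and in the paragraph above can be sketched as a baseline comparison. This is an added example, not RapidSpike's code: the host names, request records and the `auditCheckoutRequests` helper are all constructed for illustration.

```javascript
// Constructed sample data: hosts approved for the checkout page.
const TRUSTED_HOSTS = new Set([
  "shop.example.com",
  "cdn.example.com",
  "payments.example-psp.com",
]);

// Constructed requests captured during one synthetic checkout walk
// (fields loosely follow a HAR entry: URL, method, request body bytes).
const SAMPLE_REQUESTS = [
  { url: "https://shop.example.com/checkout", method: "GET", bodySize: 0 },
  { url: "https://cdn.example.com/js/app.js", method: "GET", bodySize: 0 },
  { url: "https://payments.example-psp.com/charge", method: "POST", bodySize: 412 },
  { url: "https://cdn-example.net/lib.js", method: "GET", bodySize: 0 },
  { url: "https://cdn-example.net/collect", method: "POST", bodySize: 398 },
  { url: "not a url", method: "GET", bodySize: 0 },
];

// Hypothetical helper: report every host outside the baseline, and mark it
// critical when the page sent it data (a request body or a query string).
function auditCheckoutRequests(requests, trustedHosts) {
  const byHost = new Map();
  const unparsable = [];
  for (const req of requests) {
    let parsed;
    try {
      parsed = new URL(req.url);
    } catch {
      unparsable.push(req.url); // surface malformed entries, do not drop them
      continue;
    }
    const host = parsed.hostname.toLowerCase();
    if (trustedHosts.has(host)) continue;
    const entry = byHost.get(host) || { host, requests: 0, receivedData: false };
    entry.requests += 1;
    if (req.bodySize > 0 || parsed.search.length > 1) entry.receivedData = true;
    byHost.set(host, entry);
  }
  const findings = [...byHost.values()].map((e) => ({
    ...e,
    severity: e.receivedData ? "critical" : "warning",
  }));
  // Hosts that received data sort first, then alphabetical.
  findings.sort((a, b) =>
    Number(b.receivedData) - Number(a.receivedData) || a.host.localeCompare(b.host));
  return { findings, unparsable };
}

console.log(JSON.stringify(auditCheckoutRequests(SAMPLE_REQUESTS, TRUSTED_HOSTS), null, 2));
```

Running the same walk from several browser and device profiles, as the Targeted Customers section recommends, gives the comparison a chance to see hosts that only load for some visitors.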

    Using RapidSpike Magecart Detection, the retailer reduced detection time by 99.7%. In the last 12 months, over 17 million website visitors on the previously hacked website have been protected by RapidSpike’s Magecart Attack Detection. Over the past 2 years, RapidSpike has detected a number of similar attacks, which were quickly dealt with, and has plugged security blind spots, protecting the brand’s reputation.

    About RapidSpike.com

    Following extensive growth, the firm is embarking on an ambitious expansion strategy after accelerating by 550% in the last two years and taking investment from Praetura Ventures last year.

    RapidSpike believes everyone expects & has the right to fast, safe & reliable online experiences and helps businesses defend against client-side cyberattacks by detecting website identity and payment theft. Great, safe websites improve conversions & customer loyalty.

    Furthermore, we believe in empowering the teams who support online customers with key critical information that meets those demands, minimises disruptions & makes everyone’s lives less stressful.

    Clients include US retail giant Helen of Troy alongside William Hill, Kurt Geiger and White Stuff.
