Cybersecurity firm issues warning as online fraud continues to grow

    By Ellie MacDonald | Client news | 29 September, 2021

    Fuelled by the pandemic, online fraud is on the increase and website performance and cybersecurity company RapidSpike warns the trend is set to continue.

    In 2020, there were 2,417,866 cases of remote purchase fraud, up 12% year on year. This fraud occurs when a criminal uses stolen card details to buy something on the internet, over the phone or through mail order.

    Globally, as much as $35 billion in Covid-related loans may have been fraudulent and these scams involving government benefits topped the UK list according to Experian. As those programs wind down, criminals will turn their focus to traditional digital fraud schemes, taking advantage of the increase in digital traffic to exploit data stolen over the past three years.

    But how do scammers get hold of your details? RapidSpike.com CEO Gav Winter reveals the tactics they use.

    “Domain spoofing is one way hackers will try to defraud customers on a real website. This happened to British Airways when scammers managed to steal customer credit card information by infiltrating their website to send data to baways.com instead of the legitimate britishairways.com, which was also well hidden from the team. These kinds of attacks are extremely frequent, usually targeted at medium size businesses with smaller security teams but good revenue, but all businesses large and small are at risk.”

    In the past year, RapidSpike detected 12,500 potentially malicious hosts that were threatening the security of their clients’ websites. This is where hackers gain unauthorised website access through web skimming, formjacking and supply chain attacks.

    Gav adds: “Online criminals are constantly evolving the way they attack websites and ultimately steal customers’ details. Due to more and more businesses moving online throughout the pandemic this only gave hackers more opportunity. We predict website identity & payment theft will continue to grow over the next few years as more people get caught out. The responsibility is not only on consumers to be cautious when shopping online, but big businesses should be doing a lot more to check the security of their sites continuously, not just treating it as a box ticking exercise once a year, taking both proactive and reactive security measures. No matter how good your security is, human error can happen anytime. After all, if it can happen to brands like British Airways, it can happen to anyone.”

    Tactics used by hackers to avoid detection:

    Plugins

    In March 2020, WordPress announced that their Threat Intelligence team had discovered several vulnerabilities in ‘Popup Builder’, a WordPress plugin installed on over 100,000 sites. They explained how one vulnerability allowed an unauthenticated attacker to inject malicious JavaScript into any published popup, which would then be executed whenever the popup loaded. Plugins can be useful tools for delivering a great customer experience, making design changes, and helping with workflow; however, they can also leave a website vulnerable to attacks. WordPress plugins have had multiple vulnerabilities over the years, so plugins should be minimised to a manageable level and continuously updated to patch any vulnerabilities.

    Fake Checkouts

    A key web-skimming attack method is loading a fake checkout form before the legitimate checkout page or before a PayPal page. Customers have a good indication that an attack has occurred if a second payment form is presented; unfortunately, at that point, the customer’s payment details have already been stolen. Checkout pages carry the most valuable information on the website and should be monitored carefully. A Synthetic User monitor can continuously walk through the checkout page and alert to any new hosts found, potentially before a data breach occurs.

    Malware Under Images

    In 2020, one of the new hacking methods observed was steganography-based skimmers. The technique involves hiding code within imagery to avoid detection. Hackers hide JavaScript code in the background of the image to scrape the data needed. The Tupperware website was one victim of this style of attack, with malicious code hidden within a PNG file that activated a fraudulent payment form during the checkout process.

    Targeted Customers

    Skimmers are continuously advancing to evade detection, including performing a search before the skimmer loads in order to target a specific type of customer. RapidSpike’s Security Researcher discovered a hyper-targeted skimmer that only loaded after some prerequisites were met. The skimmer required the user to be on a mobile phone and in landscape mode. Additionally, a check was undertaken to ensure the user was on the checkout page and did not have a developer toolbar present. Once the targeted customer had passed all the requirements, the skimmer would then load. It is therefore important that companies test their website from multiple browsers to ensure all customers receive the same experience.

    Case Study – Multi-brand U.S. Retailer

    In 2019, a U.S.-based multi-brand retailer disclosed an attack on one of their websites. The site had been infected with skimming code that stole customers’ payment data. Despite efforts to patch the vulnerabilities, they suffered numerous attacks over a two-year period.

    Approximately 9 million users visited the website during the time it was hacked.

    The multi-brand retailer contacted RapidSpike to monitor their reliability, performance and security across 15 websites plus any geographic variations. Self-service and managed User Journeys monitor user experience and security. RapidSpike security tools are used to look for configuration issues, vulnerabilities and potential exploits to find and help fix critical security issues.

    RapidSpike Magecart Attack Detection is active on all websites which have critical customer processes including checkouts and portal log-ins. This tool tracks all data sent by all hosts. Alerts are set up to immediately notify if something in the perimeter of their client-side website changes and if data is being sent somewhere untrusted.
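
As an added illustration (not RapidSpike's code and not part of the original release), the host check described under Fake Checkouts and in the paragraph above can be sketched as follows. The hostnames, the trusted baseline and the recorded requests are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed baseline: hosts the checkout page is expected to contact.
TRUSTED = {"shop.example", "pay.example"}

# Constructed sample: requests recorded during one synthetic checkout run,
# as (method, url, request_body_bytes).
OBSERVED = [
    ("GET",  "https://shop.example/checkout", 0),
    ("GET",  "https://static.shop.example/js/app.js", 0),
    ("POST", "https://pay.example/v1/charge", 412),
    ("GET",  "https://shop.example.cdn-assets.test/lib.js", 0),
    ("POST", "https://notshop.example/collect", 398),
    ("GET",  "https://SHOP.example:443/cart?next=https://pay.example/", 0),
]

def is_trusted(host, trusted=TRUSTED):
    """Exact match or a true subdomain of a trusted host.

    Matching on a label boundary (".shop.example") keeps lookalikes such as
    "notshop.example" or "shop.example.cdn-assets.test" out of the baseline.
    """
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def review_run(observed, trusted=TRUSTED):
    """Return one alert per untrusted host seen in the run."""
    alerts = {}
    for method, url, body_len in observed:
        # Only the parsed hostname counts; hosts named in the query are ignored.
        host = urlsplit(url).hostname or ""
        if is_trusted(host, trusted):
            continue
        alert = alerts.setdefault(
            host, {"host": host, "kind": "NEW_HOST", "bytes_sent": 0})
        # Request bodies only; data can also leave in GET query strings.
        if method != "GET" or body_len > 0:
            alert["kind"] = "DATA_TO_UNTRUSTED_HOST"
            alert["bytes_sent"] += body_len
    return sorted(alerts.values(), key=lambda a: (a["kind"], a["host"]))

if __name__ == "__main__":
    for a in review_run(OBSERVED):
        print(f'{a["kind"]:24} {a["host"]:32} {a["bytes_sent"]} bytes')
```
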

    Using RapidSpike Magecart Detection, the retailer reduced detection time by 99.7%. In the last 12 months, over 17 million website visitors on the previously hacked website have been protected by RapidSpike’s Magecart Attack Detection. Over the past 2 years, RapidSpike has detected a number of similar attacks, which have been quickly dealt with, and plugged security blindspots, which has protected the brands’ reputation.

    About RapidSpike.com

    Following extensive growth, the firm is embarking on an ambitious expansion strategy after accelerating by 550% in the last two years and taking investment from Praetura Ventures last year.

    RapidSpike believes everyone expects & has the right to fast, safe & reliable online experiences and helps businesses defend against client-side cyberattacks by detecting website identity and payment theft. Great, safe, websites improve conversions & customer loyalty.

    Furthermore, we believe in empowering the teams who support online customers with key critical information that meets those demands, minimises disruptions & makes everyone’s lives less stressful.

    Clients include US retail giant Helen of Troy alongside William Hill, Kurt Geiger and White Stuff.
