UK Casio Store Targeted by Malicious Skimming Scripts
In a recent cyber attack, unknown threat actors infiltrated the Casio UK ecommerce store with malicious credit card skimming code that remained undetected for ten days. Customers who made purchases on the casio.co.uk domain between January 14 and 24 are advised to be cautious as their credit card details and personal information may have been compromised.
Jscrambler, the cybersecurity firm that discovered the breach, alerted Casio on January 28, and the malicious scripts were removed within 24 hours. The attack, which also targeted 17 other websites, is believed to have exploited vulnerabilities in the affected Magento webstores.
Unlike typical skimming attacks that occur during the checkout process, this campaign utilized a fake checkout form to trick customers into providing sensitive details such as billing address, email address, phone number, credit card information, and more. The attackers employed various techniques to conceal the malicious code, making detection challenging.
To prevent such incidents, cybersecurity experts recommend implementing Content Security Policy (CSP) protections and using automated script security software. The incident is a reminder of the importance of safeguarding online transactions and personal data from cyber threats.
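
As an added example (not from the original article or from Jscrambler), the following JavaScript audits a CSP response header for the directives most relevant to the fake checkout form described above: where scripts may load from, where page code may send data, and where forms may submit. The policies and host names are constructed sample values, and the function names are hypothetical.

```javascript
// Directives that limit script origins, data destinations and form targets.
const SKIMMER_RELEVANT = ["script-src", "connect-src", "form-action"];
// Simplified list of weak sources; wildcard hosts and nonce/hash handling are not modelled.
const WEAK_SOURCES = ["*", "'unsafe-inline'", "'unsafe-eval'", "https:", "http:", "data:"];

// Constructed sample policies (assumed host names, not taken from any real site).
const WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' https:";
const STRICT_POLICY = "default-src 'self'; script-src 'self' https://cdn.shop.example; " +
  "connect-src 'self'; form-action 'self' https://pay.shop.example";

function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers; the first occurrence wins.
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

function auditCsp(headerName, headerValue) {
  const findings = [];
  // The report-only header never blocks anything, it only sends violation reports.
  if (headerName.toLowerCase() === "content-security-policy-report-only") {
    findings.push("report-only: violations are reported but nothing is blocked");
  }
  const policy = parseCsp(headerValue);
  for (const directive of SKIMMER_RELEVANT) {
    // script-src and connect-src fall back to default-src; form-action does not.
    const sources = policy.get(directive) ??
      (directive === "form-action" ? undefined : policy.get("default-src"));
    if (sources === undefined) {
      findings.push(`${directive}: not restricted`);
      continue;
    }
    const weak = sources.filter((s) => WEAK_SOURCES.includes(s.toLowerCase()));
    if (weak.length > 0) findings.push(`${directive}: allows ${weak.join(" ")}`);
  }
  return findings;
}

console.log(auditCsp("Content-Security-Policy", WEAK_POLICY));
console.log(auditCsp("Content-Security-Policy-Report-Only", STRICT_POLICY));
```

An empty result means the policy is enforced and restricts all three directives without any of the listed weak sources.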