Web skimming attacks steal card data from checkout pages undetected
NEWYou can now listen to Fox News articles!
Online shopping seems familiar and fast, but a hidden threat continues to operate behind the scenes.
Researchers are tracking a long-running web skimming campaign that targets businesses connected to major payment networks. Web skimming is a technique in which criminals secretly add malicious code to checkout pages so they can steal payment information as shoppers enter it.
These attacks work quietly in the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized accusations appear on their statements.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM bulletin.
WHATSAPP WEB MALWARE AUTOMATICALLY SPREAD BANKING TROJAN
Web skimming attacks hide in checkout pages and steal card details as shoppers enter them. (Kurt “CyberGuy” Knutsson)
What is Magecart and why it matters
Magecart is the name researchers use to refer to groups specializing in web-skimming attacks. These attacks focus on online stores where shoppers enter payment information during checkout. Instead of hacking banks or card networks directly, attackers slip malicious code into a store’s checkout page. This code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons, and payment processing.
In Magecart attacks, criminals abuse this same code to secretly copy card numbers, expiration dates, security codes, and billing details as buyers enter them. The register is still functioning and the purchase is made, so there are no obvious warning signs. Magecart initially described attacks against online stores based on Magento. Today, the term applies to web skimming campaigns across many e-commerce platforms and payment systems.
Which payment providers are targeted?
Researchers say this campaign targets merchants linked to several major payment networks, including:
- American Express
- Diners Club
- Discover, a subsidiary of Capital One
- JCB Co., Ltd.
- MasterCard
- UnionPay
Larger businesses that rely on these payment providers face higher risk due to the complexity of websites and third-party integrations.
CREDIT 700 DATA BREACH EXPOSES THE SSNS OF 5.8 M CONSUMERS
Criminals use a hidden code to copy payment data while the purchase is taking place normally. (Kurt “CyberGuy” Knutsson)
How attackers slip skimmers into checkout pages
Attackers usually enter through weak points that are easy to ignore. Common entry paths include vulnerable third-party scripts, outdated plugins, and unpatched content management systems. Once inside, they inject JavaScript directly into the payment flow. The skimmer monitors form fields related to card data and personal details, then discreetly sends this information to servers controlled by the attackers.
Why Web Skimming Attacks Are Hard to Detect
To avoid detection, malicious JavaScript is heavily obfuscated. Some versions may delete themselves when they detect an administrator session, making inspections appear clean. Researchers also discovered that the campaign uses ironclad hosting. These hosting providers ignore abuse reports and takedown requests, providing attackers with a stable environment to operate. Because web skimmers run inside the browser, they can bypass many server-side anti-fraud controls used by merchants and payment providers.
Who are most affected by Magecart website hijacking attacks?
Magecart campaigns impact three groups at the same time:
- Shoppers who unknowingly give up their card details
- Merchants with compromised checkout pages
- Payment providers that detect fraud once the damage has been caused
This shared exposure makes detection slower and response more difficult.
NEW MALWARE CAN READ YOUR PUSSIES AND STEAL YOUR MONEY
Simple protections like virtual cards and transaction alerts can limit damage and reveal fraud faster. (Kurt “CyberGuy” Knutsson)
How to stay safe as a buyer
While shoppers can’t fix compromised checkout pages, a few smart habits can reduce exposure, limit how stolen data is used, and help detect fraud faster.
1) Use virtual or single-use cards
Virtual and single-use cards are digital card numbers that are linked to your real credit or debit account without revealing the real number. They work like a normal card when paying, but add an extra layer of protection. Most people already have access to it through the services they use every day, including:
Top banks and credit card issuers that offer virtual card numbers in their apps
Mobile wallet apps like Apple Pay and Google Pay generate temporary card numbers for online purchases, keeping your real card number hidden.
Some payment apps and navigation tools that create single-use or merchant-locked card numbers
A single-use card typically works for a single purchase or expires shortly after use. A virtual card can remain active for a store and be suspended or deleted later. If a web skimming attack captures one of these numbers, attackers generally cannot reuse it elsewhere or generate repeat charges, limiting financial damage and making it easier to combat fraud.
2) Enable transaction alerts
Transaction alerts notify you as soon as your card is used, even for small purchases. If web fraud leads to fraud, these alerts can quickly reveal unauthorized charges and give you the opportunity to freeze the card before losses mount. For example, a $2 test fee on your card may flag fraud before larger purchases appear.
3) Lock financial accounts
Use strong, unique passwords for banking and card portals to reduce the risk of account takeovers. A password manager allows them to be generated and stored securely.
Next, check to see if your email has been exposed in past breaches. Our #1 choice for password manager includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Discover the Best Expert-Rated Password Managers of 2026 at Cyberguy.com.
4) Install powerful antivirus software
Strong antivirus software can block connections to malicious domains used to collect skimmed data and warn you of dangerous websites.
The best way to protect yourself from malicious links that install malware, potentially accessing your private information, is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware scams, protecting your personal information and digital assets.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
5) Use a data deletion service
Data removal services can reduce the amount of personal information exposed online, making it harder for criminals to associate stolen card data with full identity details.
Although no service can guarantee the complete removal of your data from the Internet, a data deletion service is definitely a wise choice. They’re not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information across hundreds of websites. This is what gives me peace of mind and has proven to be the most effective way to erase your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com.
Get a free analysis to find out if your personal information is already available on the web: Cyberguy.com.
6) Monitor unexpected card activity
Review statements regularly, even for small charges, as attackers often test stolen cards with low-value transactions.
Kurt’s Key Takeaways
Magecart web skimming demonstrates how attackers can exploit trusted payment pages without disrupting the shopping experience. Although consumers can’t fix compromised sites, simple protection measures can reduce risk and help detect fraud early. Online payments rely on trust, but this campaign shows why that trust should always be combined with caution.
Does knowing how Web Skimming works make you rethink how secure online payment really is? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive offers straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM bulletin.
Copyright 2026 CyberGuy.com. All rights reserved.
