Hacked Credit Cards for Online Shopping: A Growing Concern

Hacked credit cards for online shopping are a serious issue, with over 15 million credit card numbers compromised in a single data breach in 2019.

The scale of the problem is staggering, with a single data breach exposing sensitive information of over 1 million individuals in 2020.

Online shopping is a convenient and popular way to make purchases, but it also comes with risks, such as the possibility of your credit card information being stolen.

In fact, a study found that 71% of online shoppers have had their credit card information compromised at some point.

Broaden your view: Best Credit Cards for Shopping

Hacked credit cards can be a nightmare for online shoppers. Burkov's website, Cardplanet, sold stolen payment card numbers, including those from U.S. citizens.

The website was advertised on Dark Web cybercrime forums, making it easily accessible to cybercriminals. This is a key point to remember: if a website is advertised on suspicious forums, it's best to steer clear.

Burkov offered a money-back guarantee for any invalid card numbers purchased from the site, which is a pretty bold move. This guarantee likely helped to build trust among potential buyers, making it easier for them to make fraudulent purchases.

The website offered a "checker" service for a fee, allowing cybercriminals to instantly validate stolen payment card numbers. This service made it easier for buyers to verify the validity of the stolen credit cards before making a purchase.

Cardplanet kept its product pipeline full by soliciting sales of stolen card payment data from other cybercriminals on carding forums. This is a clever tactic to keep the website stocked with new credit card numbers.

Expand your knowledge: Credit Card Numbers Hacked

Hackers are using modern, realistic-looking fake payment forms to steal credit cards from unsuspecting customers.

These payment forms are displayed as modals, which are HTML content overlays that appear on top of the main webpage.

The modals are designed to blend in with the original payment form, making it difficult for users to spot the difference.

In some cases, the modals are even more visually appealing than the original payment form, with no obvious signs that they're not real.

One example highlighted in a Malwarebytes report concerns a PrestaShop-based Parisian travel accessory store compromised by the Kritec campaign.

The skimmer used in this case is rather complex and has code that's heavily obfuscated with base64 encoding.

The fake payment form displayed to users features the brand's logo, correct language, and elegant interface elements.

However, this form is designed to steal customers' credit card information and send it back to the hackers.

The skimmer drops a cookie on users who have been successfully targeted to prevent loading the malicious modal again on the same or another site.

This is done to avoid collecting duplicate data and minimize the operation's exposure.

Unfortunately, Malwarebytes observed evidence that the trend of using modal forms is gaining traction in the Magecart cybercrime community.

Other examples of websites serving fake payment modals on visitors include a Dutch and a Finnish e-commerce site, both featuring elegant design that helps them pass as authentic.

It's possible that multiple threat actors are involved in these campaigns and customizing skimmers accordingly.

Online shoppers need to be highly vigilant and prefer electronic payment methods or one-time private cards with charge limits that are useless in the hands of cybercriminals.

Stolen credit cards can be worth a surprising amount of money. The price for stolen data from cards varied from $2.50 to $60, depending on card type, country of origin, and availability of personally identifying information.

The value of stolen credit cards can be affected by the type of card, with some cards being more valuable than others. Cardholder information, such as name and address, can increase the value of a stolen card.

In some cases, stolen credit cards can be worth more than $50. This is likely due to the increased availability of personally identifying information.

Hackers are getting creative with their scams, using realistic-looking fake payment forms to steal credit cards from unsuspecting customers.

These fake payment forms are displayed as modals, which are HTML content overlays on top of the main webpage. They can look even better than the original payment forms, making it hard to spot them as fake.

The hackers behind this scam are using a type of malware called MageCart, which is a JavaScript credit card skimmer. This malware is complex and heavily obfuscated, making it difficult to detect.

The scammers are targeting online stores, including a PrestaShop-based Parisian travel accessory store, and a Dutch and Finnish e-commerce site. They display a modal that features the brand's logo, correct language, and elegant interface elements, making it look like the real thing.

But once you enter your credit card details, the scammers steal your information and send it back to them. They even drop a cookie on your device to prevent loading the malicious modal again.

Online shoppers need to be vigilant and prefer electronic payment methods or one-time private cards with charge limits that are useless in the hands of cybercriminals.

Losing your credit card information to hackers can be a nightmare, and the consequences can be severe.

You could end up with a huge amount of debt, as hackers may go on a shopping spree with your card.

Credit card companies may not cover all unauthorized charges, leaving you to pay the difference.

You might also be liable for up to $50 in charges, depending on your card issuer's policies.

Identity theft is another possible consequence, as hackers can use your card information to steal your identity.

This could lead to a range of problems, from having to cancel your credit card to dealing with the emotional fallout of being a victim of identity theft.

In extreme cases, hackers may even use your card information to make large purchases or take out loans in your name.

This can have serious long-term consequences for your credit score and financial stability.

A fresh viewpoint: Credit Cards to Use for Online Validation

The masterminds behind online shopping are the ones who make it possible for us to shop from the comfort of our own homes. They're the ones who create the websites, design the user interfaces, and make sure our transactions are secure.

Online shopping platforms like Amazon and eBay have made it easier than ever to shop online, with millions of products available at our fingertips. In fact, Amazon alone has over 300 million active customers worldwide.

But have you ever stopped to think about the people who make online shopping possible? From the website developers to the customer service representatives, they're all essential to making our online shopping experience smooth and enjoyable.

Consider reading: Shopping Cart Tricks for Credit Cards

Credit card sites are hacked when cybercriminals exploit vulnerabilities in the payment processing system. They often use malware to steal sensitive information.

One common way hackers gain access is through phishing scams, where they trick users into revealing their login credentials. This was seen in the case of a popular online retailer that fell victim to a phishing attack.

Outdated software and plugins can also leave a site vulnerable to hacking. In one instance, a website's failure to update its plugin led to a security breach.

Poor password management is another contributing factor. Users often reuse passwords across multiple sites, making it easy for hackers to gain access to other accounts.

Inadequate server security can also lead to hacking. A site's server must be regularly updated and monitored to prevent cyber attacks.

Take a look at this: Travel Hacking with Credit Cards

Aleksei Burkov, the 29-year-old Russian national, was the mastermind behind the hacked credit card marketplace. He was arrested in 2015 and has been fighting extradition to the United States until his final Israeli appeal ran out.

Burkov's site, Cardplanet, sold stolen payment card numbers, primarily from U.S. citizens. He advertised his site on Dark Web cybercrime forums.

He offered a money-back guarantee for any invalid card numbers purchased from the site, making it a more attractive option for cybercriminals. This guarantee was a clever tactic to build trust with his customers.

Burkov also offered a service called "checker" for a fee, where cybercriminals could instantly validate stolen payment card numbers. This service helped his customers verify the authenticity of the stolen data.

Burkov kept his product pipeline full by soliciting sales of stolen card payment data from other cybercriminals on carding forums. He was always looking for new ways to supply his customers with fresh stolen data.

He dealt in top names, including credit cards branded with the names of the largest credit card companies in the United States. This was a deliberate move to make the stolen data more valuable to his customers.

Here are some ways Burkov helped move so many credit cards, adding up to at least $20 million in fraud: