
The new way hackers are coming after you this holiday shopping season

Credit card skimming is one of the most frustrating crimes a person can deal with. You feel robbed because your money is gone, angry because someone took it and foolish because you didn’t notice the skimmer in the first place. But imagine how much worse it would be if your card information was skimmed without you ever knowing.

Well, that’s exactly what’s happening on websites across the internet — and the epidemic will only get worse as the holiday season approaches. Hackers have finally figured out how to skim credit cards from ordinary online stores without being detected. Using tricky bits of code, these cybercriminals lie in wait and capture your data right as you’re typing it in.

If you plan on making some holiday purchases this year, here’s how to keep your data from being stolen. Plus, we’ll go over some of the most secure ways to shop and pay for items online. Click or tap to visit our guide on avoiding credit card fraud in the wild.

Forget credit card skimmers: Welcome to shopping cart skimmers

Reports of online shopping cart skimmers are already on the rise this year, but a new alert from the Department of Homeland Security is underscoring just how bad the problem really is. Any website using online shopping carts to process payments is at risk for so-called “e-skimming attacks.”

This is when a hacker targets a shopping website, camps on users’ shopping carts and harvests the credit card numbers, names and addresses they enter when checking out.

Here’s how it works: Hackers break into unsecured websites and plant malicious lines of code in the platform’s shopping cart page. This code typically watches for users typing sensitive information, which is then sent back to a central server for collection. The credit card data is then sold online to the highest bidder.
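For store operators, the pattern described above (code on the cart page sending what shoppers type to an outside server) can be checked for by comparing where each checkout script loads from and sends data to against a list of approved hosts. This is an added example, not code from the original article; the inventory format, the allowlist and every hostname in it are constructed assumptions.

```javascript
// Added example: audit a checkout page's scripts against an allowlist of hosts.
// ALLOWED_HOSTS and SAMPLE are constructed; replace them with your store's own data.
const ALLOWED_HOSTS = new Set(["shop.example", "payments.example"]);

// Hostname of a URL, resolving relative URLs against the page URL.
function hostOf(url, pageUrl) {
  return new URL(url, pageUrl).hostname.toLowerCase();
}

// inventory: { pageUrl, scripts: [{ src, sendsTo: [urls] }] }
// Returns one finding per script that loads from, or sends data to, an unlisted host.
function auditCheckout(inventory, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const script of inventory.scripts) {
    const reasons = [];
    const srcHost = hostOf(script.src, inventory.pageUrl);
    if (!allowed.has(srcHost)) reasons.push(`loaded from unlisted host ${srcHost}`);
    for (const dest of script.sendsTo) {
      const destHost = hostOf(dest, inventory.pageUrl);
      if (!allowed.has(destHost)) reasons.push(`sends data to unlisted host ${destHost}`);
    }
    if (reasons.length > 0) findings.push({ src: script.src, reasons });
  }
  return findings;
}

// Constructed sample, shaped like what a browser network log shows for a checkout page.
const SAMPLE = {
  pageUrl: "https://shop.example/checkout",
  scripts: [
    // Legitimate: first-party script talking to the payment processor.
    { src: "/js/cart.js", sendsTo: ["https://payments.example/charge"] },
    // Served from the store's own host, yet sending data somewhere unlisted.
    { src: "/js/analytics.js", sendsTo: ["https://collector.invalid/c"] },
    // Third-party script loaded from a host nobody approved.
    { src: "https://cdn.invalid/widget.js", sendsTo: [] },
  ],
};

for (const f of auditCheckout(SAMPLE)) {
  console.log(f.src, "->", f.reasons.join("; "));
}
```

The second sample script is the case that matters most here: it is served from the store's own host, so a check on script sources alone would pass it, and only the destination check flags it.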

Some e-skimming operations are a bit more sophisticated.

In an article from USA Today, reporters described how hackers in Eastern Europe use e-skimmers and American employees to make purchases with the card info they steal. These items are then shipped to Eastern Europe and sold for a profit. Some hackers even put advertisements in Russian-language newspapers sold in the U.S. to recruit new members for the scheme.

In 2019 alone, more than 6,500 businesses fell victim to e-skimming hacks. These are referred to as “Magecart Attacks.” Some of the companies were major names like Sesame Workshop and Arms Unlimited, and there may still be more compromised websites we don’t know about yet. Click or tap here to learn which businesses were targeted by Magecart Attacks in 2019.

How can I protect myself from Magecart Attacks?

The scariest thing about Magecart Attacks is they’re virtually invisible unless you know code. Most of us aren’t programmers or software developers, so we’ll need to take extra precautions when shopping online. Magecart Attacks are predicted to spike as the holidays approach, so prevention is the best course of action in the months ahead.

A website’s security must be weak in order for hackers to compromise its e-commerce platform. Larger websites with more visibility tend to have bigger security budgets, which means much tighter control over the data that goes in and out. Sites like Amazon, Walmart and Target are unlikely to suffer high-profile hacks compared to small, independent online stores.

But the scale of a business doesn’t determine how safe it is. It’s still smart to use caution on any e-commerce platform. One of the best ways to protect yourself is to rely on a payment service like PayPal to complete transactions. PayPal stores your information on its own website, so when you use it to check out, you only need to enter your PayPal information to continue.

For extra safety, any website that lets you check out with PayPal redirects you to PayPal’s site to enter your username and password. This means hackers can’t skim this information, even if they’re watching your shopping cart.

Aside from this, the usual safety precautions of strong passwords, credit freezes and two-factor authentication apply here. By forcing hackers to take an extra step to acquire your information, you push them to give up on you and seek an easier target. Click or tap to learn how to set up two-factor authentication for the most popular platforms on the web.
