The cybersecurity agency of the central government, CERT-In, has warned the people of the country against incidents of credit card skimming on e-commerce websites across the world.
The Indian Computer Emergency Response Team (CERT-In) in an official post said hackers are targeting the websites that are hosted on Microsoft’s IIS server which is running on the ASP.NET web application framework.
In its advisory, CERT-In said: “It has been reported that credit card skimming through various e-commerce sites are spreading worldwide.”
“Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP),” it said.
CERT-In explained how in this type of attack, the attackers remotely appended and obfuscated malicious code into one of their legitimate JavaScript libraries or injected full skimming code directly into the compromised JavaScript library.
CERT-In has shared the names of skimmer hosting sites. These websites include idpcdn-cloud[.]com; joblly[.]com; hixrq[.]net; cdn-xhr[.]com; rackxhr[.]com; thxrq[.]com; hivnd[.]net; 31[.]220[.]60[.]108
How to avoid debit, credit card frauds? Here are 9 ways:
Use the cards on trusted online merchants: One way of cutting down card frauds is making sure that you use your cards on trusted websites when shopping online. Trusted websites are those which are SSL-certified, uses a protocol like ‘https’ rather than ‘http’, MasterCard’s SecureCode, etc.
Be careful of malware: As any electronic device, be it your smartphone or laptop, is a gateway to the banking account, it is important to be aware of what is installed on the device. If you end up clicking on a malware link, hackers may be able to spy and steal your financial data.
Avoid using public networks: Given that most of the people carry out financial transactions using plastic money, using public Wi-Fi or unsecured networks must be avoided at all costs as they become easy targets for fraudsters.
Don’t disclose card information: If you get a number of calls/e-mails asking for sensitive information regarding your credit/debit cards, and bank information make sure to not share information like bank account number, card number, PIN, CVV, or password.
Opt for two-factor authentication: Opting for two-factor authentication is another way to make sure that debit/credit cards can’t be used for fraudulent transactions. Under this type of authentication, an OTP is generated and sent to the registered mobile number every time a financial transaction is initiated.
Watch out for skimming devices at ATMs: When using the debit card to withdraw cash from ATMs, be sure to check for skimming devices.
Set a difficult password: Be it your 4-digit PIN or the internet banking password, make sure that it is a difficult or unpredictable one. It should be a unique combination of numbers or of alphabets, numbers, and special characters.
Register for alerts: Register for mobile or e-mail alerts on both credit and debit card transactions. This will ensure that you get updates on every transaction that is carried out using your card.
Immediately report fraud transactions/loss of cards: In case any unauthorised transaction takes place from your account, immediately report it to the bank/card-issuing company and ask them to block the transaction and your card.