NEWNow you can listen to Fox News articles!
Online shopping feels familiar and fast, but a hidden threat continues to operate behind the scenes.
Researchers are tracking a long-running web skimming campaign targeting businesses connected to major payment networks. Web skimming is a technique where criminals secretly add malicious code to checkout pages to steal payment information as consumers type it.
This attack works silently inside the browser and usually leaves no obvious traces. Many victims only find out about the problem after unauthorized charges appear in their statements.
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper.
WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY
Web skimming attacks hide inside payment pages and steal card information as consumers type it. (Kurt “CyberGuy” Knutsson)
What is Magecart and why is it important
Magecart is the name researchers use for groups working on web-skimming attacks. This attack focuses on online stores where consumers enter payment information during checkout. Instead of hacking banks or card networks directly, attackers insert malicious code into the store’s checkout page. That code is written in JavaScript, which is a common type of website code used to make pages interactive. Legitimate sites use things like forms, buttons, and payment processing.
In the Magecart attack, criminals use the same code to secretly copy card numbers, expiration dates, security codes, and payment information as shoppers type them. The checkout still works, and the shopping continues, so there’s no obvious warning sign. Magecart originally described the attack on Magento-based online stores. Today, this term applies to web-skimming campaigns in all e-commerce platforms and payment systems.
Which payment providers are you targeting?
Researchers say the campaign targeted merchants tied to several major payment networks, including:
- American Express
- The Diners Club
- Discover, a subsidiary of Capital One
- JCB Co., Ltd.
- MasterCard
- UnionPay
Large businesses that rely on these payment providers face significant risks due to complex websites and third-party integrations.
700CREDIT DATA OUTPUT EXCEEDS SSNS FOR 5.8M CUSTOMERS
Hackers use a hidden code to copy payment data while the transaction goes through normally. (Kurt “CyberGuy” Knutsson)
How attackers drive surfers to payment pages
Attackers often enter through weak points that are easy to spot. Common entry points include vulnerable third-party scripts, outdated plugins and unpublished content management systems. Once inside, they inject JavaScript directly into the exit flow. Skimmer monitors create fields tied to card data and personal information, then silently send that information to servers controlled by attackers.
Why web skimming attacks are difficult to detect
To avoid detection, malicious JavaScript is heavily obfusified. Some versions can log them out if they find an administrator session, which makes testing appear cleaner. The researchers also found that the campaign uses letter manipulation. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web publishers work inside the browser, they can bypass many of the server-side fraud controls used by merchants and payment providers.
Who does the Magecart web skimming attack affect the most?
Magecart campaigns affect three groups at once:
- Consumers who unwittingly give up card data
- Marketers have their exit pages vulnerable
- Payment providers who discover fraud after the damage has been done
This shared exposure makes discovery slower and responding more difficult.
NEW MALWARE CAN READ YOUR CONVERSATIONS AND STEAL YOUR MONEY
Simple protections such as virtual cards and transaction alerts can limit damage and detect fraud quickly. (Kurt “CyberGuy” Knutsson)
How to stay safe as a consumer
While consumers can’t fix compromised payment pages, a few smart practices can reduce exposure, limit how stolen data is used, and help catch fraud quickly.
1) Use physical or disposable cards
Virtual and single-use cards are digital card numbers that connect to your physical credit or bank account without revealing the actual number. They work like a regular card at checkout, but add an extra layer of security. Most people already have access to the services they use every day, including:
Major banks and credit card issuers offer virtual card numbers within their applications
Mobile wallet apps like Apple Pay and Google Pay generate temporary card numbers for online purchases, keeping your real card number hidden.
Some payment applications and browser tools generate one-time or merchant-locked card numbers
A single-use card is valid for one purchase or expires shortly after use. A virtual card can always be active in one store and be paused or removed later. If a web skimming attack captures one of these numbers, attackers often cannot reuse it elsewhere or run recurring costs, which limits financial damage and makes fraud easier to stop.
2) Turn on transaction alerts
Transaction alerts let you know when your card is being used, even for small purchases. If web skimming leads to fraud, these alerts can quickly reveal unauthorized charges and give you a chance to stop the card before losses mount. For example, a $2 check charge on your card can indicate fraud before a large purchase occurs.
3) Close financial accounts
Use strong, unique passwords for bank and card portals to reduce the risk of account takeover. A password manager helps you create and store them safely.
Next, see if your email has been exposed in a previous breach. Our #1 password manager pick includes a built-in scanner that checks if your email address or passwords came from a known leak. If you find a match, immediately change any passwords that have been reused and secure those accounts with new, different credentials.
Check out the best password managers reviewed in 2026 at Cyberguy.com.
4) Install strong antivirus software
Strong antivirus software can block connections to malicious domains used to collect skimmed data and warn you about unsafe websites.
The best way to protect yourself from malicious links that contain malware, which may have access to your private information, is to install strong anti-virus software on all your devices. This protection can alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Find my picks for the best antivirus 2026 winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5) Use a data removal service
Data removal services can reduce how much personal information is exposed online, making it harder for criminals to match stolen card data with full identity information.
Although no service can guarantee the complete removal of your data from the Internet, a data removal service is definitely a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and deleting your personal information from hundreds of websites. That’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of fraudsters transferring data from information breaches they may find on the dark web, making it harder for them to identify you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out there on the web: Cyberguy.com.
6) Watch unexpected card activity
Review statements regularly, even for small charges, as attackers often check stolen cards for low-value transactions.
Kurt’s priority is taking
Magecart web skimming shows how attackers can use trusted payment pages without compromising the shopping experience. Although consumers cannot repair compromised sites, simple protection can reduce risk and help catch fraud early. Online payments depend on trust, but this campaign shows why that trust must be paired with caution.
Does knowing how web skimming works make you rethink how safe it is to go online? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper.
Copyright 2026 CyberGuy.com. All rights reserved.
