These attacks have cost victims millions of dollars collectively, and some online shopping platforms have been hit especially hard. Tap or click here to see how 2,000 online stores were hit by one Magecart campaign. As tricky as Magecart attacks are, hackers are still refining their tactics to make them even more effective. And now, a new campaign is using fake PayPal forms to trick customers. We’ll show you how to spot it.
Watch out for your money! This isn’t a real PayPal page
A new Magecart tactic found by security researcher Affable Kraut may be one of the most convincing ever. It uses an unusual technique to inject fake PayPal forms into online stores, and any information entered into these forms gets stolen by the hackers behind the scheme. This pattern goes a bit further than traditional Magecart attacks and their fake landing pages. To make itself as authentic-looking as possible, the Magecart system scans the victim’s shopping cart and checkout page and partially fills its fake PayPal forms with them. If you’ve ever used PayPal, you might know that you can save your information to autofill once your password is typed in. If you check out with PayPal and see your information already filled out, you’d have no reason to assume something was wrong. According to Kraut, it even passes along taxes and shipping information for extra details. These hackers are many things, but lazy isn’t one of them!
How can I spot the scam? What can I do to protect myself?
Even though this Magecart attack spoofs a PayPal form, you should still rely on secure payment methods like PayPal for online transactions. This is because PayPal encrypts your data and can offer some recourse in the event you get scammed. If you have two-factor authentication activated for PayPal, you’ll be asked to enter your code before you can check out. Fake PayPal forms from the Magecart attack will not prompt a 2FA login, so we’d advise setting this up on your PayPal account for extra security. Tap or click here to see how to set up 2FA for some of the most popular platforms on the web. In addition to 2FA, here are even more ways you can protect yourself from this kind of attack in the future. Want to make your online shopping experience even safer? Tap or click here for 5 safer ways to pay and shop online.