Explorer
Cyber Security Agency CERT-In Warns Of Credit Card Skimming; Issues Advisory For Users
Cyber criminals in these kind of frauds add skimming code on online shopping websites to steal credit card information shared by customers.
(Reoresentative Image/ Getty)
New Delhi: India's Cyber security agency - Computer Emergency Response Team (CERT-In) has issued a warning against incidents of credit card skimming frauds on various e-commerce websites across world. ALSO READ | Oxford Scientists Optimistic About Covid-19 Vaccine, Could Be Out By September As quoted in various media reports, the CERT-In stated that "credit card skimming through various e-commerce sites are spreading worldwide. Attackers are typically targeting e-commerce sites because of their wide presence, popularity and the environment LAMP (Linux, Apache, MySQL, and PHP)." According to the experts, the cyber criminals in these kind of frauds add skimming code on online shopping websites to steal credit card information shared by customers. They remotely inject malicious code into one of their legitimate JavaScript libraries which is mainly designed to obtain credit card numbers as well as passwords of the user. As per the release, the cyber criminals are targeting the websites which are hosted on Microsoft’s IIS server running with the ASP.NET web application framework. These include sports organisations, health, shopping portal and e-commerce websites among others which are affected the most by such attacks. ALSO READ | Google Announces Major Redesign For Gmail; Know About New 'Rooms' Feature The government agency has shared a few names of skimmer hosting sites:
- idpcdn-cloud[.]com
- joblly[.]com
- hixrq[.]net
- cdn-xhr[.]com
- rackxhr[.]com
- thxrq[.]com
- hivnd[.]net
- The agency advised the users to use only the latest version of ASP.NET web framework, IIS Web server and database server.
- It further asked he users to apply new or the updated security patches on the OS and applications (when available) through OEM to prevent such attacks.
- The users should be careful and must restrict or deny all and any kind of access by default. They should allow only the necessary access.
- The users must also conduct complete and regular security checks of web application, web server and database server. After every major configuration, users may change and plug vulnerabilities if found any.
- The users may also opt to apply Security Information and Event Management (SIEM) solutions.
Related Video
Delhi News: Why Bulldozer Action Was Conducted at Night? DCP Nitin Valson Explains Key Reasons
Follow Breaking News on ABP Live for more latest stories and trending topics. Watch breaking news and top headlines online on ABP News LIVE TV
Top Headlines
Cities
5 Arrested After Violence Erupts During Delhi Demolition Drive, 5 Cops Injured; Police Probe Conspiracy Angle
India
Karnataka BJP Woman Worker 'Assaulted, Stripped' During Clash With Police
World
India Concerned Over Venezuela Crisis, Urges Dialogue & Citizens’ Safety, Says Jaishankar
Cities
Five Cops Injured, 10 Detained As Anti-Encroachment Drive Turns Violent In Old Delhi, Mosque Safe: Updates
See Today's Weather 
powered by
Justin M Bharucha
Opinion
