MICROSOFT has issued an important warning about a malicious scam that can steal your credit card information.

The latest techniques employed by hackers are more subtle than previous card-skimming schemes, the company warned.

2

Web skimming is a hacking term for using code to scan a webpage for payment information.

Microsoft said web skimming attempts are normally deployed on browser platforms such as “Magento, PrestaShop and WordPress” due to their widespread use and connection to e-commerce.

In November 2021, a malicious bug was planted in a Magento server that automatically searched for the terms “payment” and “one page” when looking for credit card data.

The FBI said the hackers were “sending the recovered data to a server controlled by an actor who was impersonating a legitimate card processing server.”

The latest version of the scam involves writing a “PHP script” on the server.

The piece of code will remain silent and idle until it determines that the site administrators are not logged in, according to ZDNet.

“Based on previous similar attacks, we believe the attacker used a PHP ‘include’ expression to include the image (which contains the PHP code) in the index page of the website, so that it loads automatically with every webpage visit,” Microsoft wrote in a cybersecurity blog post.

“The impact of web skimming campaigns could result in monetary loss, reputational damage and loss of customer trust,” Microsoft said.

Consumers and retailers are right to be concerned.

“Online shoppers can protect themselves against web skimming attacks by ensuring their browsing sessions are secure, especially during the checkout process,” Microsoft said.

“Beware of unexpected or suspicious pop-ups asking for payment details.”

The best form of Internet protection is a skeptical mind and up-to-date security patches.

Monitor your credit card spending history and keep an eye on the browser URL when shopping online – if something looks fishy, ​​it probably is.