1 min read

American Cancer Society Website Visitors Should Check Their Bank Statements

Silviu STAHIE

October 30, 2019

American Cancer Society Website Visitors Should Check Their Bank Statements

Magecart hackers compromised the online shop of the American Cancer Society and may have had access to all online payments made by visitors. The e-skimming attack was caught early, but it”s not known how much data was intercepted.

An e-skimming group named Magecart inserted malicious code into the cancer society”s Cancer.org shop. The sole purpose of the intrusion was to intercept credit card payments, with personal data most likely ending up on the dark web.

Magecart is comprised of a series of criminal groups that focus on e-skimming attacks, designed to infiltrate websites and capture credit card information. They can gain entry through leaked credentials, a phishing campaign, or known vulnerabilities found in backend software used by the companies.

The intrusion was detected by researcher Willem de Groot, who explained to TechCrunch that the attackers mimicked legit analytics code to cover their tracks. Even if the code was obfuscated, the researcher figured out that a third-party server was receiving the information.

The American Cancer Society has yet to make an official statement, but researchers saw that the small piece of code was removed after a few days.

Interestingly enough, the FBI recently issued an advisory regarding the potential impact of e-skimming on small and medium businesses. The American Cancer Society intrusion goes to show that all types of organizations, and not just companies, are open to this kind of attack.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read