If you’ve ever wondered where your stolen credit card turns up, a cybersecurity firm is offering hard proof, according to a recent article published in www.news.com.au/.

Your credit card data is typically stolen in two ways. One is after a data breach like the Capital One incident that affected 106 million customers. The other is e-skimming, where hackers inject JavaScript code into website payment processing pages in order to pilfer credit cards and account data from customers.

During the holiday season, cybercriminals turn to e-skimming, Greg Foss, Senior Cybersecurity Strategist at VMware Carbon Black, told Fox News.

A screenshot from the Russian Market, a forum that specialises in carding and related services. Picture: VMware Carbon Black

A screenshot from the Russian Market, a forum that specialises in carding and related services.

“Magecart is one of the most prominent [criminal] groups behind this activity [to] siphon off sensitive card data,” Mr Foss said.

Recently, Magecart has been impersonating legitimate payment applications using homoglyph attacks – for instance, creating a website “g00gle.com” instead of google.com – which fools victims into visiting the malicious site, Mr Foss explained.

The endgame for cybercriminals is peddling stolen credit cards that go for an average rate of $10 to $20 per card on the dark web, according to Mr Foss. PayPal accounts sell for $2 to $10 per account, with accounts holding more money costing even more.

The stolen credit card data is typically offered in a shopping cart format, where the “buyer” can check off which credit cards they want to purchase based on a menu of available credentials.

Source: www.news.com.au