This website uses cookies to ensure you get the best experience on our website. Learn more

Contact Us |
Home |About Us | Blog | What are JavaScript Skimming Attacks? by Optomany's security partner, Foregenix

Recently, online skimming attacks have become a serious concern for online eCommerce business and web applications around the world. Below we explain what JavaScript is, why it has been targeted and how to prevent attacks.

Firstly - what is JavaScript?

JavaScript is one of the most popular programming languages worldwide and is usually used as a client-side script. It essentially allows you to implement complex items onto your website. Every time a webpage becomes interactive with the user, e.g. interactive maps, videos, countdown timer and music, web traffic tracking, analytics and even colours, chances are JavaScript is involved. To give you an idea of how popular this language is, 95% of all websites in the world use JavaScript.

What are its common features?

1. Stores values inside of variables - e.g. storing customers names
2. Operations on pieces of text (strings in programming) - You can take the string ‘New Player’ and link it with the [name] variable to create a text label e.g. “New Player Ben”.
3. Running code in response to certain events that happens on your webpage - e.g. allow events to be updated when a website visitor clicks on a certain element
4. Autocomplete - Completes data, e.g. in contact forms, for you
5. Playing Audio and Visual
6. Repairing browser compatibility issues.

How JavaScript attacks happen

JavaScript is a fan favourite with attackers. As more and more eCommerce websites adopt redirected payment solutions attackers need to change the game - and they have.

Our partner Foregenix is seeing an increase in investigations involving JavaScript as the primary cause of payment card data loss. So much so that the industry coined a new term, “digital skimming” related to these attacks.

This is simply because the attacker needs to be able to prevent the eCommerce website from redirecting customers away to the payment page, or at the very least they need to find a way to intercept the payment data… and the best way to do so is to simply write a couple of lines of JavaScript code that runs on the client-side. They usually use a process called cross-site scripting (XSS) it’s essentially an injection attack. An injection attack allows an attacker to supply untrusted input into a program to manipulate the client-side webpage.

Magecart - a persistent threat

Magecart is a group of malicious hackers who target eCommerce sites and steal customer payment card data.

The attackers often place JavaScript code onto the victim’s website in order to capture payment card data as it is input by the customer. The attackers achieve this through a variety of ways:

1. The JavaScript simply scrapes the payment form at the time of checkout and exfiltrated data.
2. The JavaScript manipulates the payment flow so that an outsourced method; such as an iframe or redirect is prevented from operating and the malware provides the consumer with a fake payment form in the page. Once completed, the data is scrapped and exfiltrated.

The best proactive measure against a magecart attack is preventing access.

The most (in)famous case

On September 6th, we saw a skimming attack hit a massive corporation. The attack saw the whole website affected, as well as data loss of 380,000 individual’s personal information. The attackers gained entry to the site through the company’s web server, and injected malicious code to extract customers data.

Not only does suffering from a data breach cause massive disruption throughout your company, it can also destroy your company's reputation which ultimately will affect future sales.

The company was ordered to pay a total of around £183 million, they also had the harrowing task of emailing all affected customers explaining their data had been lost.

How to avoid this type of attack?

Nowadays, security is just as fundamental as engagement to the success of a website. We recommend checking your environment daily, to keep you safe from a breach. This includes:
  • Reviewing code in order to identify potential coding vulnerabilities
  • Use of vulnerability security assessment tools to test web applications for vulnerabilities
  • Audit logging and reviewing logs and security events for all system components to identify anomalies or suspicious activity
  • Use of file-integrity monitoring or change-detection software
  • Including the reviewing of these results
  • Performing internal and external network vulnerability scans
  • Performing period penetration testing to identify security weaknesses
If you don’t have a dedicated individual or team to do this, we highly suggest that you implement a security solution which can monitor your cyberspace for you and provide you with a detailed report of any suspicious activity.

Our partner Foregenix, a leading cybersecurity company, has created a free tool that can check if your website has been affected by JavaScript skimming. Scan your website for external vulnerabilities with WebScan and see if it your site has been breached.

Would like to know more?

Get in touch with us or with our cybersecurity partner Foregenix.

we can help you find the best solution
to suit your business

Give us a call on
+44 (0)208 102 8000

email us at
info@optomany.com