Cybercriminals have devised a card-skimming scheme that involves creating a phishing page that impersonates a retailer’s third-party payment service platform (PSP). Certain e-commerce websites outsource their financial transactions by redirecting customers to a secure page operated by PSP companies. But in this scam, discovered by researchers at Malwarebytes, the malicious actors swap out the genuine PSP payment processing page with a fraudulent one that asks for customers’ personal and financial data. These details will then be skimmed and exfiltrated to an attacker-controlled server.
Source: SC Magazine