Web skimming attacks steal card data from checkout pages undetected

Online shopping seems familiar and fast, but a hidden threat continues to operate behind the scenes.

Researchers have been tracking it for a long time Web skimming campaign Which targets related companies Major payment networks. Web skimming is a technique in which criminals secretly add malicious code to checkout pages so they can steal payment details as shoppers type them.

These attacks operate quietly within the browser and often leave no obvious signs. Most victims only discover the problem after unauthorized accusations appear in their statements.

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

WHATSAPP WEB Malware Automatically Deploys Banking Trojans

Web skimming attacks hide inside checkout pages and steal card details as shoppers type them in. (Kurt “CyberGuy” Knutson)

What is Magecart and why does it matter

Magecart is the name researchers use for groups that specialize in web browsing attacks. These attacks focus on online stores where shoppers enter payment details during checkout. Instead of directly compromising banks or card networks, attackers insert malicious code into a store’s checkout page. This code is written in JavaScript, a common type of website code used to make pages interactive. Legitimate sites use it for things like forms, buttons, and payment processing.

In Magecart attacks, criminals misuse the same code to secretly copy card numbers, expiration dates, security codes and billing details as shoppers enter them. The checkout process still works, and the purchase goes through, so there’s no obvious warning sign. Magecart originally described attacks against Magento-based online stores. Today, this term applies to web browsing campaigns across many e-commerce platforms and payment systems.

Who are the targeted payment service providers?

Researchers say this campaign targets merchants connected to several major payment networks, including:

• American Express
• Diners Club
• Discover, a subsidiary of Capital One
• JCB LIMITED
• MasterCard
• UnionPay

Large organizations that rely on these payment providers face greater risks due to complex websites and third-party integrations.

700 credit data breaches expose social security systems of 5.8 million consumers

Criminals use hidden code to copy your payment data while the purchase process is taking place normally. (Kurt “CyberGuy” Knutson)

How attackers insert scrapers into checkout pages

Attackers usually enter through vulnerabilities that are easy to overlook. Common entry paths include vulnerable third-party scripts, outdated plugins, and unpatched content management systems. Once in, they enter JavaScript directly into the payment flow. The skimmer monitors form fields associated with card data and personal details, then quietly sends that information to servers controlled by the attacker.

Why are web skimming attacks so hard to detect?

To avoid detection, malicious JavaScript is heavily obfuscated. Some versions can remove themselves when they detect an administration session, making scans appear clean. The researchers also found that the campaign used bulletproof hosting. These hosting providers ignore abuse reports and takedown requests, giving attackers a stable environment to operate. Because web scrapers run within the browser, they can bypass many server-side fraud controls used by merchants and payment providers.

Who are Magecart web scraping attacks affecting the most?

Magegart campaigns affect three groups at the same time:

• Shoppers who unknowingly give away card information
• Merchants whose payment pages have been hacked
• Payment service providers that detect fraud after the damage has occurred

This combined exposure makes detection slower and response more difficult.

New malware can read your conversations and steal your money

Simple protections like virtual cards and transaction alerts can limit the damage and detect fraud faster. (Kurt “CyberGuy” Knutson)

How to stay safe as a shopper

While shoppers can’t fix hacked checkout pages, some smart habits can reduce exposure, limit how stolen data is used, and help detect fraud faster.

1) Use virtual or single-use cards

Virtual and single-use cards These are digital card numbers that are linked to your real credit or debit account without revealing the actual number. It works like a regular card at checkout, but adds an extra layer of protection. Most people already have access to it through the services they use every day, including:

Major banks and credit card issuers offering virtual card numbers within their apps

Mobile wallet apps like Apple Pay and Google Pay create temporary card numbers for online purchases, hiding your real card number

Some payment apps and browser tools that generate one-time card numbers or merchant-locked card numbers

A single-use card usually works for one purchase or expires shortly after use. The virtual card can remain active for one store and be paused or deleted later. If a web browsing attack takes over one of these numbers, attackers typically won’t be able to reuse it elsewhere or charge recurring fees, limiting financial damage and making it easier to stop fraud.

2) Turn on transaction alerts

Transaction alerts notify you the moment your card is used, even for small purchases. If your web browsing leads to fraud, these alerts can quickly uncover unauthorized charges and give you a chance to freeze the card before your losses add up. For example, a $2 test charge on your card can indicate fraud before larger purchases appear.

3) Closing financial accounts

Use strong, unique passwords for banking and card gateways to reduce the risk of account takeover. A password manager helps you create and store them securely.

Next, check if your email has been exposed in previous breaches. Our #1 password manager pick has a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

4) Install a powerful antivirus program

Powerful antivirus software can block connections to malicious domains used to collect removed data and warn you about unsafe websites.

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.

5) Use a data removal service

Data removal services can reduce the amount of personal information that is revealed online, making it difficult for criminals to link stolen card data to full identity details.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to erase your files Personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

Get a free check to see if your personal information is already on the web: Cyberguy.com.

6) Watch for unexpected card activity

Review the data regularly, even for small charges, since attackers often test stolen cards with low-value transactions.

Key takeaways for Kurt

Magecart’s Web Browsing Exploit shows how attackers can exploit trusted checkout pages without disrupting the shopping experience. While consumers can’t fix hacked sites, simple preventative measures can reduce risks and help detect scams early. Online payments depend on trust, but this campaign shows why that trust must always be coupled with caution.

Does knowing how web browsing works make you rethink how secure online payments are? Let us know by writing to us at Cyberguy.com.

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report
Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.