The UK's National Cyber Security Centre (NCSC) says it warned the owners of more than 4,000 online stores that their sites were compromised in Magecart attacks to steal customers' payment info.

In Magecart attacks (also known as web skimming, digital skimming, or e-Skimming), threat actors inject scripts known as credit card skimmers (aka payment card skimmers or web skimmers) into compromised online stores to harvest and steal the payment and/or personal info submitted by customers at the checkout page.

The attackers later use this data in various financial fraud and identity theft schemes or sell it to the highest bidder on hacking or carding forums.

Victims urged to keep their software up-to-date

"The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities," the UK cybersecurity agency said.

"The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform."

The NCSC has monitored these shops since April 2020 and issued warnings to site owners and small and medium-sized enterprises (SMEs) after discovering the compromised e-commerce sites via its Active Cyber Defence program.

Impacted online retailers were urged to keep Magento — and any other software they use — up-to-date to block attackers' attempts to breach their servers and compromise their online shops and customers' information during Black Friday and Cyber Monday.

"We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period," said Sarah Lyons, NCSC Deputy Director for Economy and Society.

"It's important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date."

Guidance for shoppers also available

The agency also provides guidance for individuals and families who want to shop online securely, advising them to only shop on trusted online stores, use credit cards for online payments, and always watch out for suspicious emails and text messages with offers that seem too good to be true.

The US Cybersecurity and Infrastructure Security Agency (CISA) also provides security tips on how to stay safe online while shopping.

Tips from the FBI's Internet Crime Complaint Center (IC3) can also help shoppers avoid being victimized while shopping online. The FBI's advisory includes actionable advice on what to do if you fall prey to an online shopping scam or Magecart attack.

"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps," said Steve Barclay, Chancellor of the Duchy of Lancaster.

"It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium."