Researchers at Securi discover Credit Card Redirection attack technique to hijack credit card data during transactions on e-commerce sites.

With the term credit card redirection is indicated the illegal practice to steal credit and debit card information compromising legitimate web services.

Security experts are observing an increase of credit card redirection cases, cyber criminals are varying their attack method compromising legitimate shopping websites instead to deceive them with spoofed emails that lead to specially crafted phishing sites.

The user that access to  the compromised e-commerce site is stealthily redirected to a well designed phishing site, so that the website could acquire card info and send it back to the attackers. The redirection is possible also modifying the credit card processing file giving to the criminals the access to all the transaction data including credit card details (name, address, CC and CVV).

SOURCE: securityaffairs.co