Online shopping is already a widespread method of purchasing goods and services in the Philippines. With the implementation of the enhanced community quarantine because of the COVID-19 pandemic, most people prefer to shop for essential goods from the safety and comfort of their homes.

CERT-PH is warning online shoppers who use credit or debit cards, as well as organizations that provide e-commerce services, about monitored threats and a new data skimmer dubbed MakeFrame, developed by the threat group Magecart Group 7, that has infected dozens of websites globally. MakeFrame attacks use compromised shopping sites around the world to host the skimming code, load the skimmer on other compromised websites, and steal shoppers' data, including credit card details.

Magecart Group 7 has taken advantage of online businesses that lack visibility into their web-facing services. Most victim organizations running shopping sites and services have no idea that the JavaScript on their site has been changed, which allows the malicious code to remain in place and run, victimizing their customers as well.

Security Recommendations:

For Online Shoppers
It is important for online shoppers to be vigilant when doing online transactions. Anything suspicious during your shopping activities, such as errors on the site, pop-ups, or redirection to different domain names, should be a sign that you should not proceed with the transaction. Below are some of the security practices every shopper should follow.

  • Ensure your browser and mobile apps are always up to date
  • Look for “HTTPS” on the shopping site. Do not transact if the site is not using “HTTPS”
  • Find time to read the privacy policy of the shopping site
  • Before doing a transaction, research testimonials. Check the reviews of other customers who have already done transactions on the shopping site
  • Always assess discounts or deals that seem unrealistic
  • Never shop on random websites that you are not familiar with
  • Always have your bank's fraud contact information on hand
  • Never do online shopping and checkout payments using public WiFi
  • Invest in a Virtual Private Network (VPN) program and use it when doing online shopping. A VPN will encrypt the traffic between you and the shopping website, so nobody can spy on it
  • If in doubt, don’t proceed

For Online Businesses
CERT-PH is urging businesses in the critical infostructure sector, specifically financial institutions or organizations with services such as e-commerce websites, payment gateways and online shopping, to increase the security barriers protecting their e-commerce websites, processes and shoppers.

  • Update and patch all systems and servers used for the operation of your online services
  • Increase monitoring of shopping websites for any observable changes in experience and shopping checkouts
  • Install the latest security software including anti-virus and anti-malware
  • Ensure all end-users and customers are reminded to make their passwords at least 12 characters long
  • Change default login credentials on all systems
  • Educate employees and customers about safe cyber practices on phishing attacks. Remind everyone not to click on links or unexpected attachments in messages

For cybersecurity incidents, report to CERT-PH through the following channels:
Mobile: 09214942917 (Smart)/09561542042 (Globe)
Landline: 8920-0101 local 1708