Casio Caught in Cart Chaos: Web Skimming Scam Hits UK Site!

The Casio UK website fell victim to a sophisticated web skimmer infection, targeting the cart page rather than the usual checkout. This cunning campaign involved a fake payment form, duping users into double-entry skimming. Researchers at Jscrambler identified the attack’s origin as Magento vulnerabilities, highlighting the need for robust web security measures.

3P
Published: February 1, 2025 1:11 pmAdded: February 5, 2025 at 3:20 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Casio’s UK website got a dose of Russian roulette, and their checkout page ended up with more twists than a Rubik’s Cube! Instead of just checking out electronics, customers were checking out with a side of cyber espionage. Time to wind up those security policies, Casio, because the clock is ticking on web skimming.

Key Points:

  • 17 websites, including Casio UK, were hit by a web skimming campaign.
  • Infections likely stemmed from vulnerabilities in Magento e-commerce platforms.
  • Skimmer targeted cart pages and used a fake, multi-step payment form.
  • Data was encrypted using AES-256-CBC before exfiltration.
  • Casio UK’s Content Security Policy was ineffective in preventing the attack.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?