With COVID-19 lockdown measures in place throughout the globe, online shopping has soared and along with it, credit card skimming. According to Malwarebytes data, web skimming increased by 26 percent in March over the previous month.

While this might not seem like a dramatic jump, digital credit card skimming was already on the rise prior to COVID-19, says Malwarebytes, and this trend will likely continue into the near future.

The stats presented below exclude any telemetry from Malwarebytes Browser Guard extension and reflect a portion of the overall web skimming landscape, per their own visibility. For instance, server-side skimmers will go unaccounted for, unless the merchant site itself has been identified as compromised and is blacklisted, adds Malwarebytes.

One trend that the organization noticed is how the number of skimming blocks is at its highest on Mondays (which happens to be the busiest day for online shopping), lowering down in the second half of the week and being at its lowest point on week-ends.

Image courtesy of Malwarebytes

The second observation is how the number of web skimming blocks increased moderately from January to February (2.5 percent) but then started to go up from February to March (26 percent). While this is still a moderate increase, Malwarebytes believe it marks a trend that will be more apparent in the coming months.

Image courtesy of Malwarebytes

The final chart shows that we record the most skimming attempts in the US, followed by Australia and Canada. This trend coincides with the quarantine measures that began being rolled out in mid March.

Image courtesy of Malwarebytes

Malwarebytes recommends:

  • Limit the number of times you have to manually enter your credit card data. 
  • Check if the online store displays properly in your browser, without any errors or certain red flags indicating that it has been neglected.
  • Do not take trust seals or other indicators of confidence at face value. 
  • If you are unsure about a site, you can use certain tools to scan it for malware or to see if it’s already on a blacklist.
  • More advanced users may want to examine a site’s source code using Developer Tools for instance, which as a side effect may turn off a skimmer noticing it is being checked.

For the full report and more information, please visit the Malwarebytes blog.