Watch out for this scam targeted at web developers. Something I experienced recently but identified early on, phew.
‘The fake web developer scam can take many forms, but regardless of the shape the scam takes, the result is always the same. Sadly, we have received dozens of complaints detail similar stories with small business owners reporting loses from $2,500 to as much as $50,000. While the web development scam can be devastating, there are steps you can take to ensure that your small business starts off on the right foot.’
In lockdown, an offer of new project work is a gift. A gift you’d bite someone’s hand off for. Back in April I received the following email.(more…)
Dan Goodin at Ars Technica
‘Researchers from Kaspersky Lab on Monday said that they have recently observed about two dozen infected sites that found a novel way to achieve this. Instead of sending it to attacker-controlled servers, the attackers send it to Google Analytics accounts they control. Since the Google service is so widely used, ecommerce site security policies generally fully trust it to receive data.’
Clever but very creepy. Check you don’t have an extra Google Analytics profile in your sites source.
Here’s another (deep dive) article on card skimming via embedded image data.