If you thought cybercriminals were a bunch of opportunists looking to scam people by frightening them with phishing emails or getting them to part with personal information on a fake website page, think again. Many are professional criminals, polished and strategic.

Just ahead of the pandemic lockdown, the UK Claire's costume jewelry, make-up, and hair accessories retail chain closed its physical stores and focused on its online operations. Within 24 hours of this move, someone registered a domain called claires-assets.com.

Four weeks later, this domain was used to surreptitiously exfiltrate personal payment card data from the checkout pages of Claire's online store and its sister brand Icing. It's clear the attackers understood that, as Claire's shopping mall stores closed, there would be an increase in online spending.

It's more than likely that between the closure of physical stores and the theft of personal data from Claire's web checkout page, the hackers were probing Claire's systems for vulnerabilities. Once they gained access to Claire's website, they found a way of injecting malicious code that skimmed customers' information and payment details as they tried to make a purchase at the checkout.

The question is how many other e-commerce sites these attackers targeted ahead of the lockdown, or whether they focused only on Claire's. We can't answer this definitively, but our bet is that they probably had other targets too.

  • Attacks like this are relatively common, and this one bears the hallmarks of what is known as a Magecart attack, a term for malicious code used to steal sensitive information from unsuspecting e-commerce site users.
  • This malicious script can hide on a company’s website, watching the information as customers enter it into a payment form. The data is then copied from the site and sent to the attackers.
  • Magecart attacks are notorious, and thousands and thousands of websites around the world have been compromised. Some high-profile victims include Ticketmaster, British Airways, Umbro, Vision Direct, and Newegg.

Claire’s said it is “working diligently” to determine the transactions that were involved so that it can notify affected individuals.
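
For site owners, one practical check against the kind of skimming script described above is to audit what the checkout page actually loads. The following is an added example, not code from the original article or from Claire's: it assumes the shop's legitimate hosts are `www.claires.com` and `static.claires.com`, and the HTML and script paths are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for this example: the shop's own hosts and its brand keyword.
ALLOWED_HOSTS = {"www.claires.com", "static.claires.com"}
BRAND = "claires"

# Constructed checkout page: first-party resources plus one off-site script.
SAMPLE_HTML = """
<html><body>
<form id="checkout" action="/checkout/pay"><input name="card-number"></form>
<script src="https://static.claires.com/js/checkout.js"></script>
<script src="https://claires-assets.com/app.js"></script>
<script src="/js/local.js"></script>
</body></html>
"""

class ResourceCollector(HTMLParser):
    """Collect URLs that can run code on the page or receive form data."""
    WATCHED = {("script", "src"), ("form", "action"), ("iframe", "src")}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) in self.WATCHED and value:
                self.urls.append((tag, value))

def audit_checkout(html, page_host="www.claires.com"):
    """Return findings for resources served from hosts outside the allowlist."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = []
    for tag, url in collector.urls:
        # Relative URLs have no hostname and resolve to the page's own host.
        host = (urlparse(url).hostname or page_host).lower()
        if host in ALLOWED_HOSTS:
            continue
        # A host that embeds the brand name but is not ours is a likely lookalike.
        kind = "lookalike" if BRAND in host else "unlisted"
        findings.append({"tag": tag, "host": host, "kind": kind})
    return findings

if __name__ == "__main__":
    for finding in audit_checkout(SAMPLE_HTML):
        print(finding)
```

This only covers externally referenced resources; a skimmer injected as inline script would need a separate integrity check of the page content itself.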

Unfortunately, these types of attacks are a fact of life. Victims have to rely on the hacked e-commerce sites to refund them, but this can often take time. The deeper danger is when the hacked information is sold on the dark web and used for identity fraud. The repercussions can be long-term, with the victims often having to fight their corner to convince the organisations that have been defrauded that they are innocent.

This is why cybersecurity defences such as identity protection are so important. It helps victims quickly identify when their personal information has been compromised, allowing them to take immediate protective steps.