Tupperware hasn’t yet put a lid on a targeted cyberattack that uses a credit card skimmer to collect customer payment information at checkout on the tupperware[.]com site and some of its local sites.
The threat actors hid “malicious code within an image file that activates a fraudulent payment form during the checkout process,” according to researchers at Malwarebytes who discovered the compromise March 20. “This form collects customer payment data via a digital credit card skimmer and passes it on to the cybercriminals with Tupperware shoppers none-the-wiser.”
The Tupperware party long ago moved to the internet – with more than one million people visiting the company’s website monthly. And as COVID-19 virus drives more people online to shop, the researchers wrote in a Wednesday blog post that “there is little doubt that a larger number of transactions will be impacted by credit card skimmers,” one of the top web threats they monitor.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.