Netcraft News Wire Security

Netcraft Extension adds credential leak detection

The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers. With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil ...

The Netcraft Browser Extension now offers credential leak detection for extra protection against shopping site skimmers.

With brick-and-mortar shops around the world closed due to COVID-19, consumers turned to online businesses to fulfil their shopping needs. According to Adobe’s Digital Economy Index report, US online spending in June was $73 billion, up 76% from $42 billion last year. Even with restrictions lifted, research commissioned by Visa suggests that 74% of Britons who shopped online more often during the lockdown will continue to do so.

Now more than ever it is important to protect against JavaScript skimmers. These are snippets of malicious code which criminals upload to compromised shops. Unbeknownst to the store owner or the user, they transmit entered card details directly to the criminal. Unlike scams such as phishing, which can often be avoided by a vigilant internet user, skimmers are invisible to the human eye without a tool such as the Netcraft Extension to expose them.

Netcraft currently blocks over 6,000 shopping sites which contain skimmers, and even large companies such as British Airways, Ticketmaster and Puma have fallen prey to these attacks in the past.

Screenshot of the block screen shown by the Netcraft Extension when a credential leak is detected

The Netcraft Extension identifying and blocking a skimmer on an online shop

When you visit a shopping site, the Netcraft extension will evaluate all requests made by the web page. If a request is found to be sending credentials to a different domain, the extension will block the request to prevent your data from being stolen. A block screen will notify you about the request and provide information about the malicious behaviour that was detected. Only card number leaks are currently blocked, but other types of credentials may be enabled in future updates.

For example, if you check out using your credit card on exampleshoppingsite.com but your card details are sent to examplebadsite.com, the extension will block the request. This checking is done locally and securely in your browser – no sensitive information is sent to Netcraft.

The extension will also block pages which make requests to malicious domains that are part of JavaScript attacks.

In addition to shopping site skimmers, the Netcraft Extension also protects against other malicious JavaScript, phishing and fake shops, including those related to coronavirus. The extension is available for Chrome, Firefox, Opera and the new Microsoft Edge based on Chromium.

Google ChromeMozilla FirefoxOperaMicrosoft Edge

If you already have the Netcraft Extension installed, your browser will update it automatically.