Skimming online customer payment info from website checkout forms. Cyber criminals introduce skimming code on e-commerce payment card processing web pages to capture credit card and personally identifiable information (PII) and send the stolen data to a domain under their control. The malicious code captures credit card data as the end user enters it in real time. The information is then sent to an Internet-connected server using a domain name controlled by the actor. Subsequently, the collected credit card information is either sold or used to make fraudulent purchases.
Also see our article: E-skimming attacks on the rise as peak online shopping season begins