Notorious Credit Card Scammers Target Student & Parent Payments

Previously, we have highlighted the risks consumers have when they use their physical credit cards at insecure locations, such as the gas pump. Well, that same risk is realized when you use your credit card to pay for things that are insecure online, too.

An example of this was seen recently when an e-commerce platform, Blue Bear, that allowed K-12 school and educational institutions to pay student fees and manage their accounting online, suffered a breach that subjected its users to have their credit card data stolen. Attackers were successfully able to inset credit card-skimming software on the insecure website from October 1 to November 13, giving them 44 days to collect names, credit card numbers, expiration dates, security codes as well as usernames and passwords for the websites. This type of attack is known as Magecart, which is an umbrella term that encompasses several different hacker groups that do the same type of attack: they take advantage of insecure third-party website platforms in order to insert credit-card skimming software in their checkout pages, cashing in on the stolen information.

If you or any students you know use the Blue Bear software for management, please check your banking transactions as well as your passwords for unauthorized activity.