April 3, 2025 – West Houston, TX
Impress IT Solutions is warning West Houston businesses—especially construction firms, retailers, and service providers with online payment portals—about a newly discovered web skimming campaign abusing a legacy Stripe API to validate and steal credit card data with surgical precision.

“This is one of the most efficient web skimmer attacks we’ve seen,” said a cybersecurity lead at Impress IT Solutions. “It verifies the stolen card data before exfiltrating it, which makes the attack cleaner, stealthier, and harder to catch.”

🕵️‍♂️ What’s Happening?

Security researchers have uncovered a sophisticated campaign targeting websites that use outdated or misconfigured payment systems. The attackers are leveraging a now-deprecated Stripe endpoint—api.stripe[.]com/v1/sources—to validate stolen card numbers in real-time before transmitting them offsite.

In total, 49 merchants have been affected so far, and the campaign is still active.

⚠️ How the Attack Works

The web skimmer uses JavaScript injected into checkout pages to:

1. Hide the real payment form
2. Overlay a fake Stripe form that mimics the original
3. Steal credit card info and validate it using the outdated Stripe API
4. Exfiltrate stolen data using base64 encoding to a remote attacker-controlled server
5. Display a fake error asking users to reload, covering up the theft

This technique ensures only valid, working card data is stolen, making it highly efficient and extremely profitable for cybercriminals.

“It’s not just Stripe being spoofed,” said Impress IT. “Variants of the skimmer have also been spotted mimicking Square and adding fake crypto payment options like Bitcoin, Ethereum, and Tether.”

💻 Why It Matters for West Houston Construction and Retail Companies

Many construction companies in West Houston now offer online payments for estimates, deposits, and invoices. Retailers and service-based businesses often rely on WordPress, WooCommerce, or PrestaShop—which are exactly the platforms being exploited in this campaign.

If your site is vulnerable, your customers’ credit card data could be silently stolen without you even knowing.

🔐 How Impress IT Solutions Protects Your Business

Impress IT Solutions offers comprehensive website security and managed IT services to keep local companies protected from threats like this. Here’s how they help:

• ✅ Scan websites for unauthorized scripts and suspicious API calls
• 🔒 Harden payment gateways and eliminate legacy API dependencies
• 🔁 Keep CMS platforms and plugins fully updated and patched
• 🧪 Implement website firewalls and content security policies (CSPs)
• 📊 Monitor real-time traffic and data flow for anomalies
• 🔁 Backup your site in case of a breach, with fast restore options

“We’re not just about fixing issues—we’re here to prevent them,” Impress IT emphasized. “If your site handles payments, it needs regular health checks.”

🧰 Time for a Security Check?

If your business website hasn’t been reviewed recently, or if you’re unsure what payment APIs your platform relies on, it’s time to bring in the experts.

📞 Contact Impress IT Solutions today for a website security audit and make sure your checkout page isn’t secretly working for cybercriminals.

Let’s keep your site safe—and your customers protected.

Cyber Security

Protect your IT environment with enterprise-grade security solutions designed to prevent, detect, and respond to cyber threats.