Cyber Threats

The Sniffer method has become one of the most popular attack techniques among cyber fraudsters for obtaining credit card and password information due to its frequent use.

It has been observed that the attacks carried out using the sniffing method in the first four months of 2023 have increased by 192% compared to the attacks carried out in 2022.

What is Sniffer/Sniffing Method?

Sniffing method is an attack method used by cyber fraudsters to steal private information such as passwords and credit cards of website customers by compromising/hacking an e-commerce website.

Cyber fraudsters on the dark web target e-commerce sites and can gain access through passwords obtained from stealer logs or through webshells they install on the systems as a result of exploiting web application/server security vulnerabilities on the site. Then, they can steal users’ credit card information by placing sniffers on the forms where customer credit card information is entered on payment pages or by embedding their own phishing pages with “iframe” tags on the payment page that opens when the user wants to purchase a product. It is known that cyber fraudsters use the stolen credit cards to shop on websites without 3D Secure protection, called “cardable“, or to sell them on the dark web.

Scenes From the Dark Web

A seller on the dark web appears to be selling access to an e-commerce site in Thailand for sniffing purposes. The seller provided statistics of total payments in January, February and March so that cyber fraudsters could understand the store’s activity.

Evidence of a cyber fraudster using sniffing to sell stolen credit card information on a dark web forum and a blackmarket he owns:

A forum post in which a seller is auctioning off 1,200 stolen credit cards he obtained by sniffing a forum on the dark web:

How Do Cyber Fraudsters Practice the Sniffing Method?

After hacking the website they target, cyber fraudsters use sniffing method to organize an attack with various methods as follows.

Code Injection

Cyber fraudsters add a Javascript code to sniff (log) web forms where information such as credit card/password is entered on compromised websites and send the values entered in the web forms to their own servers through the injected Javascript code or save them to a database or file to read them later. This method is the most common because it is more difficult to detect than the others.


Cyber fraudsters redirect victims to their phishing sites when they go through the checkout process to purchase a product. Victims do not realize this situation and enter their credit card information on the site they think is the original, and the attackers capture their credit card information with this method. This method is less commonly used because it is more likely to be detected than other methods.


Cyber fraudsters embed their own phishing websites using “iframe” tags instead of the payment page when customers proceed to the payment stage, and when users who do not realize this fill in their credit card information, they lose their card information to cyber fraudsters.

How Do I Protect Myself from Such Sniffing Attacks?

Below are some precautions you can take to protect yourself from sniffing attacks/minimize damage:

  • It is recommended not to use untrusted shopping sites.
  • You should check the address of the site before entering your private information.
  • It is advisable to keep your credit card disabled for online shopping when you are not using it.
  • It is recommended that you choose strong passwords and update your password with a unique password periodically.



Cyberthint is an unified cyber threat intelligence platform. Everything you need is on a single platform! With Cyberthint, you can monitor and identify advanced threats and take early action.

Leave a comment

Your email address will not be published. Required fields are marked *