Phishing Checkout Page
A fake payment page injected into or mimicking a legitimate checkout flow to steal payment card details at the moment of purchase.
Also known as: Magecart attack, web skimmer, checkout skimming, card skimming
Last reviewed: 10 June 2026
Phishing checkout pages target consumers at the moment they are most prepared to enter sensitive financial information. In one variant, attackers inject malicious JavaScript (a web skimmer or Magecart-style attack) into a legitimate e-commerce site's checkout page; the page looks completely normal but silently sends card details to the attacker's server as they are typed.
In another variant, a fraudulent email or ad directs users to a convincing clone of a real retailer's checkout page. The domain may differ by only a character or use a lookalike TLD. Victims enter their card details believing they are completing a real purchase, then receive no goods while their card information is sold.
Consumers should verify HTTPS and the exact domain before entering payment details, use virtual or single-use card numbers where available, and monitor statements for small test charges that may precede larger unauthorized transactions. Platforms should implement a Content Security Policy (CSP) and Subresource Integrity (SRI) checks to prevent skimmer injection.
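As an added example (not part of the original entry), the Python sketch below audits the two platform-side controls named above: it flags checkout-page scripts loaded from hosts outside an allowlist, third-party scripts with no SRI `integrity` attribute, and scripts whose served bytes no longer match their hash, then derives a matching CSP `script-src` header. The hosts, script bodies, and helper names (`audit_checkout`, `csp_script_src`) are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_hash(body: bytes) -> str:
    """SRI integrity value (sha384, base64) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptCollector(HTMLParser):  # collects (src, integrity) per external <script>
    def __init__(self):
        super().__init__()
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "script" and attr.get("src"):
            self.scripts.append((attr["src"], attr.get("integrity")))

def audit_checkout(html, page_host, allowed_hosts, served):
    """Return (src, problem) findings. `served` maps src -> bytes as delivered."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc or page_host  # relative URL = same origin
        if host not in allowed_hosts:
            findings.append((src, "host not in allowlist"))
        elif host != page_host and not integrity:
            findings.append((src, "third-party script without integrity"))
        elif integrity and sri_hash(served.get(src, b"")) not in integrity.split():
            findings.append((src, "integrity mismatch"))
    return findings

def csp_script_src(page_host, allowed_hosts):
    """CSP header restricting script loads to the same allowlist."""
    extra = [f"https://{h}" for h in sorted(allowed_hosts) if h != page_host]
    return "Content-Security-Policy: script-src " + " ".join(["'self'"] + extra)

# Constructed sample data: hosts, script bodies and page are illustrative.
PAGE_HOST, ALLOWED = "shop.example", {"shop.example", "cdn.example"}
PAY_JS = b"function pay(){ /* constructed payment widget */ }"
SAMPLE_HTML = f"""<form id="checkout"></form>
<script src="/static/cart.js"></script>
<script src="https://cdn.example/pay.js" integrity="{sri_hash(PAY_JS)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/ui.js"></script>
<script src="https://stats-collect.example/a.js"></script>"""

if __name__ == "__main__":
    print(audit_checkout(SAMPLE_HTML, PAGE_HOST, ALLOWED, {"https://cdn.example/pay.js": PAY_JS}))
    print(csp_script_src(PAGE_HOST, ALLOWED))
```

In a real audit, `served` would hold the bytes actually downloaded for each script URL, so a changed third-party file shows up as an integrity mismatch.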
Examples
- Shoppers on a compromised outdoor-gear website had their card numbers captured by injected script during checkout; the site appeared completely normal.
- A phishing email mimicking a major retailer's sale linked to a near-identical checkout page that harvested card details from hundreds of victims.