Cloned payment pages
https://www.bleepingcomputer.com/news/security/card-skimmer-group-replaces-checkout-page-to-steal-payment-info/
A payment service platform's checkout page was recently cloned by the threat actors behind a web skimming campaign that harvested and stole credit card information from an online shop's customers.
Web skimming (also known as e-skimming) is the process through which fraudsters can harvest and steal customers' payment or personally identifiable information (PII) after injecting malicious code in the form of payment card skimmer scripts within a compromised e-commerce site's payment processing platform (PSP).