To avoid getting detected, the skimmer is loaded using the PHP function file_get_contents and an obfuscated URL, while ensuring that the user is on the checkout page and not logged in as admin.