E-skimming is a type of cyberattack in which hackers use malware on online payment and checkout pages in order to steal your personal and credit card information. The hacker then either sells the data on the Dark Web or uses it to make fraudulent purchases. This type of scam is becoming more commonplace alongside the proliferation of online shopping.

When you type your information into an infected page, malicious code embedded in the site (an e-commerce checkout page, for example) duplicates that information and sends it elsewhere. Hackers are able to plant that code by:

  • Gaining access to a server via a phishing attack targeting employees or others on a network
  • Breaking into a site’s web server directly
  • Obtaining access through a vulnerable third-party vendor attached to a company’s server
  • Breaking into a common server that supports thousands of different online shopping websites to steal from all at once
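
For a site owner, one way to spot embedded code of the kind described above is to list every script a checkout page loads and flag any host that is not expected. The following is an added example, not part of the original article; the host names, the allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this hypothetical shop expects its checkout page to load scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example", "pay.vendor.example"}

# Constructed sample page: one first-party script, one expected vendor script,
# one script from an unexpected host, and one inline script.
SAMPLE_CHECKOUT = """
<html><head>
<script src="/js/cart.js"></script>
<script src="https://pay.vendor.example/sdk.js"></script>
<script src="//stats.unknown-cdn.example/c.js"></script>
<script>var total = 42;</script>
</head><body><form id="checkout"></form></body></html>
"""

class ScriptCollector(HTMLParser):
    """Collect the src of every external <script> and count inline ones."""
    def __init__(self):
        super().__init__()
        self.sources = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.sources.append(src)
        else:
            self.inline += 1

def audit_checkout(html, page_url, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (unexpected_hosts, inline_script_count) for a checkout page."""
    collector = ScriptCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    unexpected = []
    for src in collector.sources:
        # Relative URLs carry no hostname; they are served by the page's own host.
        host = urlparse(src).hostname or page_host
        if host not in allowed and host not in unexpected:
            unexpected.append(host)
    return unexpected, collector.inline

if __name__ == "__main__":
    print(audit_checkout(SAMPLE_CHECKOUT, "https://shop.example/checkout"))
```

Inline scripts are only counted here, not judged, so a change in that count between deployments is the signal to review.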

FBI Cyber Division Section Chief Herb Stapleton explains the impact of e-skimming: “Millions of credit card numbers have been stolen even over the course of the past two years…that’s probably just the numbers we see being reported to the FBI and is almost certainly an underestimate.”

Stop E-Skimming in Its Tracks

Although primarily meant for small and medium-sized businesses as well as government agencies, the FBI’s protection suggestions are applicable to anyone. They suggest that you:

  • Update all systems with the latest security software
  • Update all anti-malware and anti-virus software
  • Implement multi-factor authentication (like being sent a text message when you enter your password from a new device)
  • Change default login credentials and/or change passwords frequently
  • Avoid clicking on links or unexpected attachments in emails

Other safeguards you can take include using your credit card instead of a debit card, shopping with a virtual credit card, or, if your bank provides this service, using a randomly generated credit card number from your bank to make a specific purchase.

Think you may be a victim of e-skimming? You can report it to the FBI’s Internet Crime Complaint Center.