Hackers embed malicious code in a website, an e-commerce site for example. When you type your information onto an infected page, that code duplicates the information and sends it elsewhere. Hackers are able to do so by:
- Gaining access to a server via a phishing attack targeting employees or others on a network
- Breaking into a site’s web server directly
- Obtaining access through a vulnerable third-party vendor attached to a company’s server
- Breaking into a common server that supports thousands of different online shopping websites to steal from all at once
FBI Cyber Division Section Chief Herb Stapleton explains the impact of e-skimming: “Millions of credit card numbers have been stolen even over the course of the past two years…that’s probably just the numbers we see being reported to the FBI and is almost certainly an underestimate.”
Stop E-Skimming in Its Tracks
Although primarily meant for small and medium-sized businesses as well as government agencies, the FBI’s protection suggestions are applicable to anyone. They suggest that you:
- Update all systems with the latest security software
- Update all anti-malware and anti-virus software
- Implement multi-factor authentication (like being sent a text message when you enter your password from a new device)
- Change default login credentials and/or change passwords frequently
- Don’t click on links or unexpected attachments in emails
Think you may be a victim of e-skimming? You can report it to the FBI’s Internet Crime Complaint Center.