It’s that time of year again where the majority of people are online shopping to skip the lines at the mall this holiday season. Below is an article regarding e-skimming, which is a new tactic by hackers. Read the article to learn how to protect yourself while online shopping.
We all know we need to be on the lookout for skimming devices that crooks install at the ATM or at the pump at gas stations.
But just in time for the holiday shopping season, we’re now being warned that the hackers are watching our online shopping carts, too, in order to steal our credit card and debit card information.
Cybercriminals are getting our data in real-time, which can make that information more valuable in the underground market.
“It’s fresh credit card data that’s being exfiltrated,” said an FBI special agent on the cyber task force.
“When the consumer submits their purchase to that e-commerce site, it goes through properly,” the agent said.
“But it also gets siphoned off to a server that’s controlled by the cyber actor.”
The consumer wouldn’t know there was a problem because they get the product or service they ordered. But further down the line, the bank or credit card company spots fraudulent activity after the fact.
The FBI said it is seeing a number of e-skimming cases open up across the bureau, including some Michigan-based companies that have been affected by the compromise.
Such theft can happen whether you’re buying something online through a legitimate website or mobile app. Big names that have been targeted include the online store for the National Baseball Hall of Fame, which had a malicious payment code running between Nov. 15, 2018, and May 14, 2019.
What’s worse: It may be very difficult for a consumer to actually detect compromised websites that have been hit by an e-skimming scheme.
Unfortunately, you’re not going to be able to spot any odd gadgets or hardware that is used in the process, like you might with a skimmer installed on an ATM or gas pump.
It’s the next new wave for collecting stolen data to fill the shelves of the cyber black market.
“Any business accepting online payments on their website is at risk of an e-skimming attack,” according to an October alert from the Federal Bureau of Investigation office in Detroit.