October is cyber security month in the U.S., and in recognition of that, we are spending some time talking about how you can protect yourself online. This week: e-skimming.
This warning is specifically targeted to small and medium-sized businesses and government agencies that take credit card payments online. E-skimming occurs when cyber criminals inject malicious code into a website. The bad actor may have gained access via a phishing attack targeting your employees or through a vulnerable third-party vendor attached to your company’s server.
Regardless, once he is in, he can load the malicious code and capture the credit card data in real time as the user enters it. He then either sells the data on the darknet or uses it to make fraudulent purchases himself.
Here’s what businesses and agencies can do to protect themselves:
- Update and patch all systems with the latest security software. Anti-virus and anti-malware software need to be up to date, and firewalls need to be strong.
- Change default login credentials on all systems.
- Educate employees about safe cyber practices. Most importantly, do not click on links or open unexpected attachments in messages.
- Segregate and segment network systems to limit how easily cyber criminals can move from one to another.
If you have been a victim of this online scam or any other fraud, report it to the FBI’s Internet Crime Complaint Center at IC3.gov or call your local FBI office.