With about 76% of consumers online shopping yearly, according to NPR/Marist Poll, the protection and security of e-commerce sites has never been more necessary. Recently, the FBI warned people about the online threat of e-skimming. So, what is e-skimming and how can the average consumer protect themselves from it?
What is E-Skimming?
E-Skimming occurs when cyber criminals puts malicious code on an e-commerce credit card processing and/or checkout page. This code then captures credit cards and other customer personal information, and sends it to the online criminals. E-skimming is also commonly known as Magecart Attacks and Web Skimming. It is very similar to credit card skimming, where a physical device is used to obtain a credit card number and duplicate it.
The main targets of e-skimming are any businesses that take credit credit payments online through their website. When these commerce sites are exposed, it compromises their customers’ credit credits and other personal information.
How Do E-Skimming Attacks Work?
There are a number of ways a criminal can gain access to a website and e-commerce platform.
- Sending phishing emails to gain access to the business’s network.
- Obtain the credentials of a website’s administrator.
- Exploit a vulnerability in the website.
- Redirecting website customers to an infected site controlled by the cyber criminal.
How You Can Protect Yourself or Your Business From It
Depending on whether you’re a customer or business that’s the victim of e-skimming, the course of actions you need to take will differ.
Security Measures For Businesses:
- Determine how the criminals were able to access your e-commerce site.
- Find, identify, and remove the skimming code from your network.
- Change any necessary employee and/or website credentials.
- Fix any vulnerabilities within your website.
- Send the saved malicious code to law enforcement for further investigation.
- Write up a plan to prevent this from happening in the future.
- Educate your employees on the best online cyber security practices.
Security Measures For Customers:
- Cancel and replace any captured credit cards.
- Change your account login credentials for the infected website.
- Report any issues with your account to the company.
- Make sure you have antivirus software and have your computer firewall on.
- Conduct your online shopping in incognito mode.
- Never open emails or download documents to your devices that look suspicious.
- Utilize two-factor authentication on all of your online shopping and credit card accounts (if possible).
Online shopping is a year-round thing, not just something done during the holidays. As long as online shopping exists, cyber criminals will continue their efforts. Businesses and customers need to take precautions to protect themselves from e-skimming and other cyber threats.
To learn further about protecting yourself, your child, or your business online, check out our cybersecurity resources page.