The Federal Bureau of Investigation (FBI) is warning the public about “e-skimming.”
The agency says hackers are injecting malicious code into websites. Once the code is loaded, hackers will capture shoppers’ credit card data as they enter it on the websites. That data can be sold on the dark web for other people to use without your permission.
Stores, ticket sellers, travel companies and utility companies tend to be the type of sites that hackers want to get into.
Hackers will also make sure that whatever they’re doing blends in with normal payment processing. That way, shoppers don’t detect anything strange.
The FBI offered these tips for businesses and agencies to protect themselves:
· Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up-to-date and firewalls strong.
· Change default login credentials on all systems.
· Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
· Segregate and segment network systems to limit how easily cyber criminals can move from one to another.
And while shoppers are not to blame, there are steps we can take to protect ourselves as well.
“My general recommendation is use one-time use credit cards, gift cards use online, Apple Pay, essentially another way is to use things that can only be used once,” said Steve Beaty, a computer science professor at Metro State University. “You can do a one-time payment. Don't store your credit card information on most sites.”
You could also install anti-virus software into your browser that may detect a hacker’s code. But as software and code evolves, it could go undetected.
Anyone who has fallen victim to this online scam or any other fraud should report it to the FBI’s Internet Crime Center at www.IC3.wov or call your local FBI office.