As part of cybersecurity month, the FBI is warning small and medium businesses (SMBs) about the dangers of e-skimming, a practice that could allow hackers to intercept online credit card payments.
E-skimming is a specific type of attack in which cybercriminals insert malicious code into a website to intercept online credit card payments. Hackers could gain entry into an organization through a phishing attack or an unpatched vulnerability in its infrastructure. Once that happens, the intrusion may remain undetected for a long time.
“The bad actor may have gained access via a phishing attack targeting your employees—or through a vulnerable third-party vendor attached to your company’s server,” explains the FBI in their advisory. “Regardless, once he is in, he can load the malicious code and capture the credit card data in real time as the user enters it. He either then sells the data on the darknet or uses it to make fraudulent purchases himself.”
Such practices are widespread. Only recently, hackers compromised a website that was selling credit card information. E-skimming is one way that such data ends up on the black market.
Of course, SMBs can protect themselves. Some measures might require investment, but far less than the potentially crippling cost of a data breach. Organizations need to keep all their systems up to date, use firewalls and antivirus solutions, and regularly change user names and passwords on all endpoints.
More importantly, employees need to be taught how to deal with incoming emails. They shouldn’t click on unknown links or open unknown attachments. When companies are compromised, it’s most often through some form of human error.
Lastly, the FBI said network systems in companies need to be separated in a way that limits the criminal’s access after a successful e-skimming attack.