FBI warns SMBs and Government Agencies to Defend Against E-Skimming Attacks

FBI warns small and medium-sized businesses and government agencies to protect against E-skimming attacks. The attack focuses on e-commerce websites.

With the E-skimming attacks, an attacker could inject malicious codes into the website that harvests the credit or debit card data or personally identifiable information (PII).

How Attackers Inject Code

The attack impacted e-commerce companies in the retail, entertainment, and travel industries as well as utility companies and third-party vendors.

Attackers can inject malicious code by exploiting a vulnerability in an e-commerce platform or by gaining access to the victim’s network through a phishing email.

E-skimming attack Image Credits: FBI

The attack also comes through third-party plugins and supply chains of victim website or by exploiting vulnerabilities in the website such as XSS.

“Regardless, once he is in, he can load the malicious code and capture the credit card data in real-time as the user enters it. He either then sells the data on the darknet or uses it to make fraudulent purchases himself,” reads FBI Report.

How Business Protect Against the Attack

  • Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up-to-date and firewalls strong.
  • Change default login credentials on all systems.
  • Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
  • Segregate and segment network systems to limit how easily cybercriminals can move from one to another.

What Victims Can Do

  • Identify the source of skimming code to determine access point – network, third party, or other.
  • Save a copy of the skimming script or malicious loader domain to report to law enforcement.
  • Change pertinent credentials.
  • Refer to your Incident Response Plan, if applicable

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

Also Read

Exploiting an Exim Email Server Vulnerability Using EHLO Strings

High Severity Vulnerability Found in Intel Software Let Hackers Perform Escalation of Privilege, DoS Attack

Guru Baran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

AT&T Reveals Massive Breach Affecting Nearly All Customers’ Call & Text Records

AT&T, one of the largest telecommunications companies in the United States, has disclosed a significant…

2 hours ago

FishXProxy Fuels Phishing Attacks with Clever Deceptive Attacks

Imagine receiving an email that looks legitimate, down to the last detail. This is the…

5 hours ago

Beware of Phishing Attack that Abuses SharePoint Servers

A massive phishing campaign exploits Microsoft SharePoint servers to host malicious PDFs containing phishing links.…

6 hours ago

Apple Warns of Users in 98 Countries of Targeted Spyware Attacks

Apple has alerted iPhone users in 98 countries about potential mercenary spyware attacks. This marks…

8 hours ago

Citrix NetScaler ADC & Gateway Impacted by regreSSHion RCE Vulnerability

Qualys discovered a critical remote unauthenticated code execution (RCE) vulnerability, CVE-2024-6387, in OpenSSH’s server (sshd).…

8 hours ago

4000+ Domains Used By FIN7 Actors Mimic Popular Brands

Russian-linked FIN7 (aka Sangria Tempest, ATK32, Carbon Spider, Coreid, ELBRUS, G0008, G0046, and GOLD NIAGARA)…

8 hours ago