FBI warns SMBs and Government Agencies to Defend Against E-Skimming Attacks

FBI warns small and medium-sized businesses and government agencies to protect against E-skimming attacks. The attack focuses on e-commerce websites.

With the E-skimming attacks, an attacker could inject malicious codes into the website that harvests the credit or debit card data or personally identifiable information (PII).

How Attackers Inject Code

The attack impacted e-commerce companies in the retail, entertainment, and travel industries as well as utility companies and third-party vendors.

Attackers can inject malicious code by exploiting a vulnerability in an e-commerce platform or by gaining access to the victim’s network through a phishing email.

E-skimming attack Image Credits: FBI

The attack also comes through third-party plugins and supply chains of victim website or by exploiting vulnerabilities in the website such as XSS.

“Regardless, once he is in, he can load the malicious code and capture the credit card data in real-time as the user enters it. He either then sells the data on the darknet or uses it to make fraudulent purchases himself,” reads FBI Report.

How Business Protect Against the Attack

  • Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up-to-date and firewalls strong.
  • Change default login credentials on all systems.
  • Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
  • Segregate and segment network systems to limit how easily cybercriminals can move from one to another.

What Victims Can Do

  • Identify the source of skimming code to determine access point – network, third party, or other.
  • Save a copy of the skimming script or malicious loader domain to report to law enforcement.
  • Change pertinent credentials.
  • Refer to your Incident Response Plan, if applicable

You can follow us on LinkedinTwitterFacebook for daily Cyber Security and hacking news updates.

Also Read

Exploiting an Exim Email Server Vulnerability Using EHLO Strings

High Severity Vulnerability Found in Intel Software Let Hackers Perform Escalation of Privilege, DoS Attack


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

Defend Ransomware Attacks With Top Effective Proactive Measures in 2024

We're currently living in an age where digital threats loom large. Among these, ransomware has…

1 hour ago

GoTitan Botnet Actively Exploiting Apache ActiveMQ Vulnerability

Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ…

18 hours ago

Cybercriminals are Showing Hesitation to Utilize AI When Executing Cyber Attacks

Media reports highlight the sale of LLMs like WormGPT and FraudGPT on underground forums. Fears…

18 hours ago

Vigil: Open-source Security Scanner for LLM Models Like ChatGPT

An open-source security scanner, developed by Git Hub user Adam Swanda, was released to explore…

19 hours ago

Slovenia’s Biggest Power Provider has Suffered a Cyberattack

One of Slovenia's major power providers, HSE, has recently fallen victim to a significant cyberattack.…

19 hours ago

Genesis Market Technique: Hackers Exploited Node.js and EV Certificates

In the labyrinthine landscape of cyber threats, the Trend Micro Managed XDR team has uncovered…

21 hours ago