Beware of the New Threat of E-Skimming!

By Bob Gorman posted 4 days ago


Now, hidden devices or skimmers typically designed to steal credit card information have previously been a threat for the users at the ATM or gas pumping stations. Skimming has now become advanced, and high-tech and hackers can compromise your data more productively.

Last year, during the holiday shopping season, an American Outdoor Brand noticed a problem with their websites that sell accessories, hats, and shirts. Later it was revealed that the site was a victim of an e-skimming attack over Thanksgiving. They reveal that a kind of malware-infected their checkout pages to steal both personal and payment details of the customers. The company claims that the breaching incident affects approximately 780 people.

In previous years, such attacks had hit both large and small scale companies. It also includes the attack on Macy’s in October, Ticketmaster, a UK site in 2018, and Puma’s Australian website in April.

Cybercriminals can attack websites in several different ways, including breaking directly into the webserver or into a shared server that supports various online shopping websites to compromise them all. It is something severe that can cause damage to trillions. We’ve compiled this post for our readers so; they can get more insight into what E-skimming is and how to prevent it.

E-Skimming and It's Working

Cybersecurity professionals have discovered a new threat known as E-skimming. It is the process of using malicious code to get hold of the sensitive and personal information of a user like credit card details from an online webpage.

E-skimming is a complete hack. Hackers add a small piece of code to an e-commerce site that seizes the payment information. The code can easily be added by entering a website’s server either by a phishing attack, alluring a developer into using something that seems a legal plug-in, manipulating a known software vulnerability, or even a module for a website that includes the malicious code.

It doesn’t interrupt or stop the information in transit. It lines on the targeted site and keeps a record of the payment information along with other sensitive information as it is entered by the customer during the checkout process.

The e-skimming software sits and collects the information and transfers it to the hacker who put it there till it is discovered; this can often take weeks and months. From here, the cybercriminal can sell the stolen information or pick payment cards to turn it into profits.

The FBI has also shown its concern on this issue. They believe that e-skimming has been under their radar for seven years; however, the crime is increasing because cybercriminals are sharing the malware online and are becoming more advanced by each passing day. Another reason behind their quick spread is that criminals don’t have to interfere with any physical system and can launch this attack from anywhere in the world.

Things to Do If You Have Been a Victim of E-Skimming

If you’ve already been a victim of E-skimming, then to avoid such happenings in the future, you must do the following things.

  • Change the valid credentials
  • Lookup for a code-savvy person to identify the source of the skimming code to determine the access point like a third party or network. Try to have a copy of the skimming script or malicious loader domain to report to the law enforcement department.
  • Record a complaint at the Internet Crime Complaint Center
  • Shop from reputable sites
  • Start using one-time use credit cards that can skim without any result.
  • Update your system. For this, you can opt for reliable antivirus products as they are capable of detecting previously compromised websites. Read more about the best antivirus software on

How to Stay Safe from E-Skimming?

Unlike the physical card skimming, you can’t simply look at a website and reveal that a hacker has interfered with the system with e-skimming. The website owner might not know themselves unless there is an investigation. But, there are some things you can do to protect yourself from e-skimming. The following mentioned below are some of the ways to stay safe from this attack.

1. Enable Alerts on Your Cards

Transaction alerts are always a great idea, and they are one of the best practices against e-skimming. The warnings are usually sent via an email or text comes from your card issuer and inform you every time your card is used to make a purchase. As soon as the transaction is processed, the alert is also issued. You can contact your bank and stop the payment if you witness any suspicious activity as well as order a new card by closing the previous one.

2. Use a Virtual Credit Card

They are the dynamically and temporary generated numbers that can be used once to allow a transaction. Software applications create the new virtual number or token that is transmitted between the bank and retailer to confirm that it is all right for a transaction to proceed. A virtual credit card also means that you don’t have to disclose the information present on your static credit card. Several banks provide virtual credit card services like Citibank, Capital One, and Bank of America.

3. Pay By Using a Third Party

In case you’re not using a separate credit card for online shopping, then consider paying through a third-party processor, like PayPal, in case the buying site gives you that option. It helps in ensuring that the retailer won’t ever see your personal information.

4. Vigilantly Monitor Your Account

All the consumers must take a routine check at their bank and card accounts to ensure that nothing suspicious is going on. Your card might get sold by a hacker, and there can be a limited time for you to dispute any charges to avoid accepting responsibilities for them.

5. Consider a Low-Limit Card for Online Shopping

Particularly with holiday shopping is gearing up, consider a low-limit credit card for use on the internet. It is so because it reduces the amount of damage a hacker can do if your card is compromised online.

6. Pre-Plan Your Holiday Shopping

If you are doing a lot of online shopping, then it is a good idea to plan what you will buy and from which buyer. Firstly, it helps in sticking to a fixed budget; secondly, you will not get influenced into opening dozens of online accounts and spreading beyond your budget. Limiting your purchasing can also minimize the risks of encountering e-skimming attacks.

7. Use Reliable Sites and Look for HTTPS

Hackers enjoy seeing who can earn the most credibility by taking down bigger targets. But, the more reliable and secure the seller’s site, the more likely it is going to have robust security protocols. Therefore, avoid websites you are not familiar with no matter how compelling the advertised deals are.

Takeaway Notes

The e-commerce sites are becoming complex, and because of this, it is difficult to defend them.  They have an ever-expanding attackable surface in a surrounding where reducing that surface is their ultimate motto. The best way to reduce this problem is to get in the habit of putting security as their top priority. It also includes vigilance during online activities along with the practices mentioned above. Hopefully, now you have got a clear idea of this crime and will adopt every possible means to protect yourself.