Help Your Readers Protect Themselves from “E-Skimming”—the Latest Consumer Cybercrime 

by March 10, 2020
E-skimming plants malicious JavaScript code in online stores to steal data on credit card payments. (image credit: mohamed_hassan)

What do the recent arrests of three hackers in Indonesia have to do with U.S. consumers?

Plenty. The three thieves are part of “Magecart,” a network of more than half a dozen cybercrime groups operating around the globe. Every day, users who enter their credit card information in checkout and payment forms has no idea that they’ve just become the next victim of “e-skimming,” which is the latest type of cybercrime to appear.

U.S. consumers know how to protect themselves from data breaches, identity theft and other types of online scams in this blog, but they may not have heard about e-skimming yet. As e-commerce becomes increasingly commonplace, business reporters can help their readers protect themselves by answering one or all the following questions:

What is “e-skimming?”

E-skimming plants malicious JavaScript code in online stores to steal data on credit card payments. This latest cybercrime has been on the Federal Bureau of Investigation’s (FBI) radar for about seven years, but these crimes have escalated since 2018. One reason for the uptick in this type of cybercrime? It’s become harder to steal that information from cash registers or Point-of-Sale (POS) terminals.  

Query your readers and ask if they were skimmed recently after making a purchase online.  Consumers know about skimmers, or hidden devices, that hack their information at gas stations and non-bank ATMS, but e-skimming is growing as cybercriminals share malware online. This report from threat researcher Yonathan Klijnsma at security firm RiskIQ will bring you up to speed.

How do I know if I’m a victim of “e-skimming?”

You won’t. The key to protecting yourself from e-skimming is preventing it from happening to you. The size of data breaches are startling: In 2019, data breaches increased 54 percent and exposed 4.1 billion records, according to cybersecurity firm Symantec. 

Have several cybersecurity experts weigh in to help answer this question. Good sources are Herb Stapleton, section chief for the FBI’s cyber division; Randy Pargman, senior director for threat hunting and counterintelligence at Binary Defense; and Klijnsma. 

I like to shop online. How can I protect myself?

This question lends itself to an online video. Consumers can take several steps. They should shop only at secure websites; know the site’s policies on privacy and security; be aware of computer “cookies,” which track and store your information; install security updates as soon as they are available; and never give out their Social Security number. Other tips: Use a credit card instead of debit card. Monitor your credit cards regularly for any unusual activity. Pay with a credit card instead of a debit card. Consider paying with a virtual credit card, a unique number used for specific transactions. The U.S. Department of Homeland Security adds a few more tips here. Develop your own list after talking with your consumer panel.