With the popularity of eCommerce, a cyberattack called eSkimming has become more of a frequent occurrence. Skimmers had long been a risk for consumers at the ATM or the gas pump, but the practice has become more advanced. Hackers can now steal data in a more lucrative way through an attack called Magecart, CNBC reported.
The first arrests for the crime were announced just this week, with Interpol saying it arrested three Indonesian individuals who reportedly breached hundreds of eCommerce shopping sites. The suspects are accused of swiping personal data like phone numbers, addresses and names, as well as payment information.
Firms of all sizes have been impacted by eSkimming attacks in the past two years, including the Australian Puma website in April, Macy’s in October and the U.K.’s Ticketmaster site in June 2018. One of American Outdoor Brands' websites was also impacted by an eSkimming attack during Thanksgiving.
The FBI says it has been monitoring eSkimming for almost seven years. However, the crime is growing as scammers are becoming more advanced and sharing the malware through the web.
Herb Stapleton, section chief for the FBI’s cyber division, said per CNBC, “If you are a company that has a heavy volume of credit card numbers being inputted into your website, at that point, you’re probably at a higher risk. Now one thing about those types of companies is they often have more resources to invest in cybersecurity measures.”
But Stapleton also noted that “even some lower-traffic companies, some smaller and medium-sized businesses, are still at risk, because some of them may not have the resources to invest as heavily in their cybersecurity.”
In November, Macy’s announced that it experienced a data breach, as its site was compromised with a code that steals shoppers’ payment information. A malicious script was added to the My Wallet and Checkout pages.