jariyawat thinsandee/Getty Images
Online shopping has been a boon for consumers and businesses alike, but it also has a downside: Unsuspecting shoppers can become targets of cybercriminals while browsing the web. Lately, scammers have adopted a new tool called e-skimming, which uses digital “skimmers” to steal your financial information when you make purchases online. The problem has become so widespread that the FBI recently issued a warning to businesses and their customers about the scam. Here’s what you need to know about the latest online shopping threat that puts credit and debit cardholders like you at risk.
What is e-skimming?
Also called web skimming or Magecart, e-skimming is the latest type of card fraud to hit digital marketplaces. Cybercriminals typically break into a retailer’s online store, hide malware on the website’s checkout page, and then use that malware to gather financial data from customers on the compromised site. The stolen information often includes the victim’s name and address, as well as card number, expiration date, and security code—”in other words, all the information that the scammer would need to make purchases online with other people’s credit cards,” says Randy Pargman, a senior director for Binary Defense, a cybersecurity company, and a former FBI computer scientist. (He notes that his statements represent Binary Defense, not the FBI.) From there, the hacker may sell the stolen data to fraudsters who use the information to make purchases on victims’ cards, Pargman says. Here are more online scams you need to know about—and how to avoid them.
How long has it been happening, and who is at risk?
Though e-skimming was first reported as early as April 2015, it likely started even earlier than that, according to Pargman. The FBI has not determined the exact number of cases or compromised sites, but Pargman estimates that millions of credit card numbers have been stolen—with hundreds of millions of dollars in damages—in the last five years. Even worse, the hackers’ methods are so advanced that any retailer could fall victim. American Outdoor Brands, previously named Smith & Wesson, reported in January that e-skimming on its website had affected around 780 customers. Other companies that have recently been targets of e-skimming include Macy’s, British Airways, Puma Australia, and Ticketmaster UK, according to CNBC. Learn the cybersecurity secrets hackers don’t want you to know.
Red flags to watch out for
Unfortunately, it’s close to impossible for the average consumer to spot an e-skimming scam on a website’s payment page. “Even if the website has perfect encryption and everything looks normal, it might not be,” Pargman says. The good news? Cybersecurity experts around the world are constantly scouring the web for infected online shopping sites and reporting any problems they find to site owners. In most cases, the hidden e-skimming device will only last a few days or weeks before it is discovered and removed, according to Pargman. You may not be able to spot an e-skimmer, but you can still watch out for the telltale signs you’re shopping on a fake site.
How to protect your financial info
Online shoppers can rest assured that “most online shopping sites are perfectly secure most of the time,” Pargman says. “Don’t let the fear that thieves might copy your credit card number stop you from shopping online.” When you do shop online, however, it’s smart to be proactive about protecting your financial information. Pargman recommends using a credit card instead of a debit card, so you can easily recoup the cost of any fraudulent charges if your card information is stolen. For even more protection, ask your bank for a virtual credit card, which generates a different card number for each purchase and makes it harder for hackers to steal your info. Finally, stick with reputable merchants that take precautions to protect their sites from online attackers, including the most secure online retailers in the country.