Most consumers know about the potential threat of skimmers at the gas pump or ATM. These hidden devices used to steal credit card information have been around for decades. Now skimming has gone high tech: hackers can steal your information while you’re online. The attacks come from Magecart groups, a name that refers to the loosely affiliated syndicate that created the malware.
Website Payments Can Be Compromised
Cybercriminals use a variety of techniques to compromise websites, including breaking into the web server directly or breaching a common server that supports many online shopping websites. E-skimming occurs when cybercriminals inject malicious code into a website. The bad actor gains access via an employee-focused phishing attack or through a vulnerable third-party vendor attached to the company’s server.
Once in, malicious code is loaded to capture the credit card data in real time as the user enters it. The information is sold on the darknet or used to make fraudulent purchases.
Small and medium-sized businesses and government agencies that take credit card payments online are especially vulnerable.
Recovery Point’s Security Solution
What will you do if your primary sites and systems are affected by Magecart? A conventional disaster recovery plan and online data backup may not guarantee that you can defeat an e-skimming attack on your infrastructure. Your ability to secure clean copies of your data, out of reach of your attacker yet immediately accessible by you, may be critical to your business’s survival.
Recovery Point helps clients maintain periodic offline “air gap” copies of their data on physical offline media where it is impervious to a network attack. An air gap creates total isolation of a given system electronically and, most importantly, physically from other networks, especially those trying to attack your operations. If attackers do gain access, your “air gap” media can provide the basis for a successful recovery.
Our Top Tier Defense
Recovery Point colocation facilities are home to a broad spectrum of public and private sector clients and are all audited against key national standards for site, network and data security, including SOC2, PCI-DSS and others. We qualify our facilities and services against the most rigorous Federal and industry benchmarks (including FedRAMP) so our clients and their risk managers can be confident our services will enhance the security of their critical IT assets.
E-Skimming Prevention Tips
The Cybersecurity and Infrastructure Security Agency (CISA) encourages businesses and Government agencies that take online payments to consider the following tips to help protect against e-skimming:
- Keep software updated
- Change default credentials and create strong, unique passwords on all systems
- Implement multi-factor authentication
- Do not click on links in messages, and be wary of email attachments
- Segment and segregate networks and functions
Report Suspected Cyber Attacks
Users can report suspected attacks to their local FBI office or to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
The IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet-facilitated criminal activity. Last year, 298,728 complaints reported losses of more than $1.3 billion.
Stop e-skimming in its tracks with a service provider you can trust. Call 877-445-4333 to speak with a Recovery Point security expert.