The U.S. Federal Bureau of Investigation (FBI) issued a warning to increase awareness on current e-skimming threats targeting both small and medium-sized businesses and government agencies that process online payments, as well as defense tips to fend them off.
E-skimming (also known as web skimming) is carried out by threat actors who inject malicious code in the form of payment card skimmer scripts within a website's payment processing platform, with the end goal of harvesting and stealing its customers' payment or personally identifiable information (PII).
"The bad actor may have gained access via a phishing attack targeting your employees—or through a vulnerable third-party vendor attached to your company’s server," the FBI says.