You've been warned to be on the lookout for skimmers -- devices fitted over credit and debit card readers that can steal the information from your card. They are often found at gas station kiosks and can sometimes be identified before you slide your card in.
The FBI is now warning about another type of skimmer called e-skimmers. But these work online and there's likely no way for you to spot them until it's too late.
The agency sent a bulletin Tuesday as a warning to small and medium-sized businesses as well as government agencies that take credit card payments online. In e-skimming, criminals place malicious code onto a website and can capture card information in real time. That information can then be sold on the darknet or used to make purchases.
How does this code get there? The FBI says it most often happens through a phishing attack on the company's employees or a third-party vendor attached to the company's server.
For consumers, here are some tips from cyber security experts, via USA TODAY:
- Check your credit card and bank accounts often to spot fraudulent transactions.
- Don't use debit cards. If a hacker can access your bank account, they can wipe it out and you may not be able to get the money back.
- Enter card information as infrequently as possible. Amazon, for example, will store your credit card information.
- Use Apple Pay, PayPal or another similar system. These also allow you to limit how many times you need to input your card or account information.
- Avoid clicking on banner ads and shop only at reputable websites you know.
- Enable two-factor authentication on all your devices.
- It can't be said enough: Have strong passwords that are not easy to guess. Don't use the same password on multiple sites. Change these passwords frequently.
- Have alerts set up on your cards and accounts to let you know about unusual transactions.
- Freeze your credit with the three credit reporting agencies to keep new accounts from being opened in your name.
Businesses and agencies are advised to do the following:
- Update and patch all systems with the latest security software. Anti-virus and anti-malware need to be up to date and firewalls strong.
- Change default login credentials on all systems.
- Educate employees about safe cyber practices. Most importantly, do not click on links or unexpected attachments in messages.
- Segregate and segment network systems to limit how easily cyber criminals can move from one to another.
Victims of online scams or fraud are urged to report it at www.IC3.gov.