Audio Transcript

Halpern: The FBI, the United States Secret Service, and the Department of Homeland Security have joined forces to mitigate the growing threat of e-skimming attacks.

E-skimming happens when a cyber criminal injects malicious code into a website to steal customer payment information and personally identifiable information, or PII, in real time.

Acting Assistant Chief of the FBI’s Cyber Engagement and Intelligence Section L.T. Chu…

L.T. Chu: The compromises occur directly through the company's website, through its third-party payment vendor. And, and cyber criminals use phishing emails, default, or stolen employee credentials to gain access into the system itself.

Halpern: The FBI and its partners are engaging with e-commerce companies across the country to help them minimize the risk of attacks.  

Chu says basic cyber hygiene is a must for these companies.

L.T. Chu: Actively scan and monitor web applications for unauthorized access, conduct network penetration tests on a regular basis, strengthen your credentials requirements, and implement multi-factor authentication, things like that--just to make it harder for the bad guys to get in.

Halpern: Have a cyber incident response plan in place. Report e-skimming attacks at ic3.gov. With FBI, This Week, I’m Mollie Halpern of the Bureau.