The FBI’s Portland, Oregon office has published an advisory providing a background of and tips for defending against e-skimming. E-skimming occurs when cyber criminals inject malicious code onto a website. The threat actor may have gained access via a phishing attack targeting employees – or through a vulnerable third-party vendor attached to a company’s server. Organizations that need to be especially wary of this kind of activity include those that take credit card payments online, as threat actors can capture credit card data in real time as the user enters its. Threat actors then sell the data on the Darknet or use it to make fraudulent purchases themselves. Tips for protecting against e-skimming include updating and patching all systems with the latest software and segregating and segmenting network systems to limit how easily cyber criminals can move from one to another, among others. Read the advisory at the FBI.