We live in a technology-driven world. As great as it may seem to be one click away from having any product you can imagine delivered to your door, you could also be just one click away from being hacked.
Phishing in retail has increasingly become an issue, with retailers of all sizes becoming the targets of security breaches that compromise thousands of consumers’ credit card information. Moreover, some businesses never recover from the expense and damage to their brands. Surprisingly, many retailers are not educated about phishing and what they can do to defend against these kinds of attacks. Here are answers to the questions retailers need answered.
What is phishing?
Phishing is a malicious attempt by hackers to acquire sensitive information (usernames, passwords, credit card information, etc.) by fraudulently posing as a reputable person or business. For example, many phishing attempts involve a spoofed email account that looks very similar to one you’d recognize, so instead of somecompany.com it may look like somecompanyinc.com. The change is small enough to fly under the radar of the average user, who may unknowingly download a virus or hand over valuable information that’s requested in the email.
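As an added illustration (not part of the original article), here is one way a mail filter could flag the somecompany.com versus somecompanyinc.com trick described above; it goes slightly beyond that single case by also catching typos and digit-for-letter swaps. The trusted list, function names and distance thresholds are assumptions chosen for the example.

```python
from email.utils import parseaddr

# Assumption: the domains your business really exchanges email with.
TRUSTED = {"somecompany.com"}
# Common digit-for-letter swaps used in lookalike names (0->o, 1->l, ...).
SWAPS = str.maketrans("01345", "oleas")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Domain part of the address in a From: header, lowercased."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def classify(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header."""
    domain = sender_domain(from_header)
    # Exact match or a real subdomain of a trusted domain.
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return "trusted"
    for t in trusted:
        brand = t.split(".")[0]               # "somecompany"
        limit = 2 if len(brand) >= 8 else 1   # stricter for short names
        for label in domain.split("."):
            norm = label.replace("-", "").translate(SWAPS)
            # Brand padded with extra text, or a near-miss spelling of it.
            if brand in norm or edit_distance(norm, brand) <= limit:
                return "lookalike"
    return "unknown"

# Constructed sample headers, for illustration only.
SAMPLES = [
    "Billing <billing@somecompany.com>",
    "Billing <billing@somecompanyinc.com>",
    "Billing <billing@s0mecompany.com>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):9}  {header}")
```

A "lookalike" verdict is a reason to quarantine or banner the message for review, not proof of fraud; an "unknown" sender still deserves the usual caution.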
What are the different types of phishing?
Phishing in retail may take different forms. In addition to spoofed emails, hackers may also direct victims to webpages where they pose as a credible business. They may invite users to take a survey, offering money in return. After completing the survey, victims enter their credit card information to receive the deposit.
Spear phishing is a more targeted attempt, where emails are sent to specific people within the company — like the CEO or an executive in the finance division. Hackers have become very sophisticated, researching the company and the target so the emails sound legitimate, increasing the likelihood that the victim will provide the information they request or click on the attachment.
Phishing in retail is enticing to hackers, because not only can they access company information, but all the consumer information from POS terminals, including credit card information.
What is an example of phishing in retail?
One of the most memorable cases of phishing in retail stems from the 2013/2014 attack on Target. In this instance, hackers sent a phishing email to one of Target’s third-party contractors. They most likely found login credentials for the web portals used by the contractor, and then gained access to Target’s network, capturing the credit card information of over 110 million customers. Reports are that the incident cost Target over $1 billion.
Is my business susceptible?
There are only two types of retailers out there — those who have been the victims of phishing and those that don’t yet know they’ve been the victim of phishing. All businesses of all sizes are potential targets for phishing, and retailers need to implement strong security practices and solutions to defend against these attacks.
How do I prevent phishing attacks?
It’s important to implement technology like firewalls, spam filters, antivirus and antimalware, and intrusion detection and prevention to safeguard your business from attackers. You should also follow the Payment Card Industry Data Security Standard (PCI DSS) to monitor your network and keep it safe.
However, it’s equally important to educate employees on security practices to prevent hackers from breaching your defenses.
Simple things can make the difference. Ensure your employees know the following:
- Never open files or attachments from unknown senders.
- Never email personal or financial information — even if you believe that the intended recipient is secure.
- Beware of links in emails requesting personal or financial information.
- Beware of pop-ups requesting personal or financial information.
With these practices in place, you can better protect your business and consumers from the dangers of phishing in retail.