{"id":17381,"date":"2020-01-08T11:10:02","date_gmt":"2020-01-08T19:10:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/01\/08\/news-11117\/"},"modified":"2020-01-08T11:10:02","modified_gmt":"2020-01-08T19:10:02","slug":"news-11117","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/01\/08\/news-11117\/","title":{"rendered":"6 ways hackers are targeting retail businesses"},"content":{"rendered":"

Credit to Author: Kayla Matthews| Date: Wed, 08 Jan 2020 18:04:10 +0000<\/strong><\/p>\n

Retail hacking is no new phenomenon, although it has increased in frequency over the last few years. In fact, retailers experienced more breaches than any other industry in 2019<\/a>, and they’ve lost over $30 billion to cybersecurity attacks. <\/p>\n

Both brick-and-mortar and online businesses experience retail hacking. Cybercriminals must often work harder to access online stores because these companies’ reputations ride on secure transactions. However, they’re not exempt from the flood of break-ins that happen during high-volume shopping seasons, including back-to-school, Black Friday, and the winter holidays. <\/p>\n

Last-minute shoppers become the victims of retail hackers looking for simple ways in. Many consumers rush to buy gifts before the holidays sneak up on them, meaning they’re less diligent about scams and fraudulent sites. Shoppers might be willing to visit stores and webpages they’ve never been to before in search of hard-to-find items. Threat actors know this and take advantage of it with scarily authentic scams<\/a>.<\/p>\n

Even though the holidays have passed, shoppers should remain vigilant about scams and retail attacks\u2014especially as web skimmers up the ante with social engineering<\/a> tactics and evasion methods<\/a>. Businesses, too, will benefit from strengthening their security protocols and staying up-to-date on the latest hacking methods.<\/p>\n

1. Credential stuffing<\/h3>\n

Retail hackers frequently use credential stuffing<\/a>, or the use of stolen usernames and passwords, to break into systems because it’s one of the easiest ways to siphon off data. Many people use the same passwords across multiple sites, which leaves them open to invasion. Hackers collect these credentials via purchase from the dark web or databases of personally identifiable information<\/a> left online after massive breaches, and use them to hack into retailers and buy products. <\/p>\n

Chipotle experienced a breach like this earlier in 2019<\/a>, where costumers’ credit cards racked up hundreds of dollars in food purchases. However, many customers argued that their passwords were unique to Chipotle, which begs the question of how else cybercriminals could have accessed their accounts.<\/p>\n

2. Near field communication (NFC)<\/h3>\n

Price scanners, cell phones, and card readers are notorious targets for NFC breaches. NFC technology allows customers to use their phones to purchase goods by tapping them against a reader. <\/p>\n

Similarly, someone can scan a QR code<\/a> and gain access to an exclusive app or land on a site where they can purchase items. Though NFC is convenient, retail hackers have little problem intercepting the data from its transactions and stealing information. <\/p>\n

Even malware can pass from infected phones to retail systems. NFC technology is prevalent in face-to-face transactions, but more sites are hosting QR codes for users to scan. Hackers generally use several different ways to manipulate data transmitted over a distance:<\/p>\n