What Consumers Need to Know About Black Friday Malware Threat
A few tips to protect your info when shopping online or in stores this weekend.
-- There's nothing quite like a fraudulent charge on your credit card to put a damper on the holiday cheer. With the holiday shopping season about to officially begin, there's no doubt hackers have their eyes on targeting the payment information of millions of shoppers.
A stealthy malware infecting point of sale systems (POS) has been identified by experts at a iSIGHT Partners, a Texas-based global cyber security firm.
The company found the malicious software can go undetected by many security defenses since it operates deep inside the machines using "multiple methods of obfuscation and encryption to evade even the most sophisticated security controls."
"We know that U.S. retailers have been targeted and believe it is very likely that criminal actors are seeking to compromise additional victims beyond those identified," iSIGHT Partners said in a statement.
The company's experts have briefed "numerous retailers and other organizations that are involved with payment systems, and our experts are also actively working with the Retail Cyber Intelligence Sharing Center (R-CISC) to help its members detect and stop this virulent malware," the statement said.
The goal is to help retailers pinpoint the malware and get rid of it to prevent wide-scale data breaches, such as the one that hit tens of millions of holiday shoppers at Target two years ago.
Robert Siciliano, an online safety expert at Intel Security, told ABC News "consumers should go into the season with the mindset that there is a chance credit card numbers could be compromised."
"I think what consumers need to understand is this type of malware -- it might not be this strain -- but a variant has been around for some time," he said. "A lot of the breaches we have seen over the past few years involve infected point of sale terminals."
Siciliano said he urges consumers to go about their planned shopping since there's no way to "proactively prevent this strain of malware or even a crooked clerk" from stealing your information.
"Consumers shouldn’t worry about proactively protecting their cards, but they should be paying attention," he said. Checking a paper statement once a month for suspicious purchases isn't enough, according to Siciliano.
"The best way to stay on top of your transactions is to sign up for any alerts or notifications that [banks] offer," he said. Siciliano suggests setting up custom alerts with your bank.
That means you'll receive an email or text every time a purchase is made without your card being present or anytime a transaction over a certain amount is completed. For those who want to be hyper vigilant, banks can send alerts every time the card is swiped.
"These make you fully informed in real-time," Siciliano said. "I go to the gas station, swipe my card and get a text within seconds."
There are other ways to protect yourself when shopping online this holiday weekend.
When in doubt, always use cash.
When you do shop online, be savvy about where you’re doing it. Make sure you’re conducting a transaction over a private Wi-Fi connection instead of a public hotspot. The National Cyber Security Alliance also recommends making sure all of your Internet-connected devices are up to date with the latest versions of software and apps for extra protection from hackers and malware.