The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Hundreds of retailers have been the subject of attacks by difficult-to-detect malware, which steals customer information using popular remote-access applications like Microsoft Remote Desktop, Apple Remote Desktop, Splashtop, Join.me and others. The malware, called “Backoff,” is described in a new advisory from the Department of Homeland Security, compiled with the help of the National Cybersecurity and Communications Integration Center, United States Secret Service, Financial Sector Information Sharing and Analysis Center, and Trustwave Spiderlabs.
Trustwave told Time magazine at least 600 retailers have had consumer information compromised by Backoff, many of which it said are independent stores, but victims include national chains as well. Attacks go back as far as October 2013, the Homeland Security report says, and they continue to be an issue, because technological defense systems are failing to block the malware.
“At the time of discovery and analysis, the malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious,” the advisory says.
Through the remote-access applications, suspects log into an administrator’s account to infiltrate the retailer’s point-of-sale (PoS) system, through which a variety of data is compromised, including names, mailing addresses, credit and debit card numbers, phone numbers and email addresses.
The Homeland Security advisory lists tips for companies looking to protect their data from Backoff, but as the various data breaches of the past several months have taught us, consumers bear significant responsibility for protecting themselves against fraud.
While you hope a company will keep your personal information and credit card data safe, you should make a habit of frequently reviewing your card transactions, in addition to looking at your credit reports and credit scores for signs of fraud.
If something you don’t recognize pops up on your credit report, it could mean someone used your personal information to open fraudulent accounts. A sudden drop in your credit score could indicate the same thing, and it could also mean someone is racking up charges on one of your credit cards without your knowledge. To help you spot fraud, you can get two free credit scores every month through Credit.com, and you can request your free annual credit reports by visiting AnnualCreditReport.com.
Image: iStock
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized