Here’s how hackers get your info from the stores where you shop

Kayla Matthews

Data breaches and major hacks are a dime a dozen these days.

Recently, Saks Fifth Avenue and Lord & Taylor experienced a wide-scale attack, which resulted in the compromise of more than 5 million customer credit and debit card numbers.

The information was stolen by a unique piece of software planted within their point-of-sale and cash register systems.

The attack siphoned a continuous stream of financial details, up until last month when it was discovered.

It is now one of the largest known breaches of a major retailer, alongside Target’s 2013 breach, Home Depot’s 2014 breach, and 2017’s Equifax breach.

It raises the question: how do hackers manage such attacks? What tools and systems do they use to gather all that sensitive information?

How hackers make their mark

One of the most common forms of attack is called phishing, in which attackers clone an official portal or website to make you think you’re visiting a brand’s actual page.

Generally, they trick you into providing personal information, such as payment information, when you try to log in.

Ransomware is another common attack, which seizes a system and its data and then demands a monetary payment to restore access.

Unfortunately, even after payment, those affected hardly ever get access to their data and systems back.

In the case of large-scale data breaches, such as the one Saks encountered, hackers take advantage of security vulnerabilities within the company’s internal systems.

In the most recent case, the thieves gained direct access to payment systems and stole data from customers making purchases at retail brick-and-mortar stores and online. The major Target breach involved a similar attack.

In Equifax’s case, the breach was a bit less complicated. Hackers gained access to the company’s virtual system and made off with data files containing sensitive details.

If and when these data files are not properly protected — using encryption or the like — the hackers can read sensitive information contained within the files.

It’s no secret that for these kinds of attacks, negligence is one of the most damaging problems; companies can easily prevent or blunt them using proper security measures.

The problem with modern attacks and breaches is that the onus for proper security belongs to everyone, from the store, to the systems and electronics providers, to even you, the consumer.

It’s such a fragmented responsibility that it’s truly tough to maintain in any reasonable manner. You can do your best, but there’s no guarantee the other involved parties will.

That doesn’t mean you shouldn’t focus on maintaining personal security when you can, however.

It’s important that companies have both in-store and online security measures in place, such as real-time notifications, two-factor authentication, verification checks and captchas.

Even an unsecured CMS can have serious repercussions, which is why brands must practice good security too.

How can you protect your data?

While many of the above descriptions are generalized, hackers tend to use the same methods and vulnerabilities to gain access to various systems.

What we didn’t cover is the common issue of improper personal security.

1. Use strong passwords

Using strong passwords with a healthy combination of upper and lowercase letters, as well as numbers and symbols, can make it more difficult for anyone to guess or discern your account info.

More importantly, never use the same password across various accounts. If one is compromised, then hackers are smart enough to try using it for other accounts associated with your particular email or username.

They could effectively gain access to even more accounts and information using the one password.

It’s good practice to use strong passwords, never reuse them and never share them with friends, family or colleagues. Software like LastPass can keep tabs on your passwords so you won’t forget.

2. Mind companies’ reputations

Pay attention to a company or website’s reputation before handing over your personal details. Providing an email for a newsletter subscription is not necessarily so risky.

But allowing a retailer to save your credit and billing info for later can be dangerous. It’s possible to make purchases on a website or storefront without saving this information; saving it puts an awful lot of trust in the organization to protect your data.

3. Use cash or credit

Try to avoid using debit cards and bank cards which offer direct access to your funds.

Instead, opt for a credit card when making online purchases, or buying goods and services from a party you don’t know well enough.

Most credit card companies and services offer fraud protection. While thieves could access your credit card number, they cannot directly access your bank funds.

4. Always review your statements

Pay close attention to your online and banking statements and keep an eye out for fraudulent or strange activity.

The sooner you notice that something has happened and file a claim, the better off you’ll be both financially and security-wise.

If you think something is wrong, simply get in touch with your card provider and have them cancel your current card and send a new one. They will often do this with no hassle, especially when potential fraud may have occurred.

5. Enable real-time notifications

Some financial providers and institutions even offer real-time notifications for purchases and changes on a card or account.

If you have the option, always enable these features so you’ll get up-to-date reminders on what’s happening with your account.

6. Enable 2FA when applicable

You should also enable two-factor authentication (2FA) for any accounts or personal logins where applicable.

This forces you to enter a temporary code — sent either to your phone through text, a mobile app or email — to verify your identity before accessing your account.

It ensures your information and accounts are not compromised, even if the connected passwords are. You need a second layer of security details to gain access, hence the name two-factor.
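How the temporary code from a mobile app is checked, as an added example that is not part of the original article: it implements the standard time-based one-time password algorithm (RFC 6238) and a login check that requires both factors. The account record, password, salt and `login` helper are constructed for illustration; the shared secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct

# Constructed sample data: SECRET is the RFC 6238 test key; the password,
# salt and account record below are made up for this example.
SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
STEP = 30     # seconds each code stays current
DIGITS = 6


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 time-based code (HMAC-SHA1) for the given moment."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


ACCOUNT = {"pw_hash": hash_password("correct horse battery"), "totp_secret": SECRET}


def login(password: str, code: str, now: int, account: dict = ACCOUNT) -> bool:
    """Succeed only when the password AND a current code both match."""
    pw_ok = hmac.compare_digest(hash_password(password), account["pw_hash"])
    # Accept the current time step and the previous one to tolerate clock drift.
    code_ok = any(
        hmac.compare_digest(totp(account["totp_secret"], now - drift), code)
        for drift in (0, STEP)
    )
    return pw_ok and code_ok


if __name__ == "__main__":
    now = 1111111120
    # Account owner: knows the password and reads the code off the phone.
    print(login("correct horse battery", totp(SECRET, now), now))
    # Thief with only the stolen password has to guess the code.
    print(login("correct horse battery", "000000", now))
    # A code captured long ago no longer matches the current time step.
    print(login("correct horse battery", totp(SECRET, 59), now))
```
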

Stay aware of hacking trends

The best line of defense, at least on a personal level, is to remain in touch with what happens around you.

Pay attention to the major data breaches happening, and if you’re affected or believe you may be, then start paying closer attention to your credit reports and financial statements.

Naturally, you should do this already, but it’s still an important step to note.

Finally, make use of all the additional security measures and processes available to you, such as two-factor authentication, security PINs, and strong passwords.

So long as you adamantly protect your own personal security, it will serve as the last line of defense if and when a company you shop with drops the ball.
