Leave a comment

Microsoft flaw exposes retail stores to credit card theft

Microsoft flaw exposes retail stores to credit card theft
PHOTO COURTESY OF SHUTTERSTOCK

Your credit card and debit card payment information may have been stolen. Cybercriminals used a two-prong attack that let them scrape your payment information at hundreds of stores and restaurants.

Here's how it worked. Believe it or not, it started with a phishing email scam.

The hackers sent the affected stores emails with an attached Microsoft Word document. If they opened it and enabled macros, and many did, their point-of-sale systems were infected with a downloader called Punchbuggy. (Note: POS systems are where you swipe your payment card.)

That let the cybercriminals interact with the stores' POS systems. It gets worse.

Then, they used a memory-scraping tool called Punchtrack. They scraped payment card information that let them elevate their access to the POS systems.

Here's what we know so far. The names of the stores and restaurants have not been revealed, but there were hundreds of them. The good news is, Microsoft recently issued security patches to fix the flaws.

So what can you do to protect yourself?

First, make sure you're using the most up-to-date versions of Windows. To check that you are, on Windows 10: Start >> Settings >> Update & Security. Find out if your system is up to date under "Windows Update."

According to researchers, "The latest Windows updates address CVE-2016-0167, and fully protect systems from exploits targeting CVE-2016-0167."
Second, make sure you're not using old credit cards or debit cards with the black magnetic stripe on the back of it. The new EMV cards are much more secure when you're making payments. Read more about EMV cards here.

Then, make sure your computers, tablets and smartphones are protected with the best Internet security system available.

The best Bluetooth speakers money can buy
Previous Happening Now

The best Bluetooth speakers money can buy

Windows 10 is killing off this feature
Next Happening Now

Windows 10 is killing off this feature

View Comments ()