High fuel prices aren’t the only thing travelers need to worry about at the pump. Visa has issued a warning that anyone who has pumped gas may have had their credit card information stolen.
Visa has been tracking three different types of attacks “targeting merchant point-of-sale (POS) systems that were likely carried out by sophisticated cybercrime groups. Two of the attacks targeted the POS systems of North American fuel dispenser merchants.” At least two of the attacks also appear to have been carried out by a group known as FIN8.
The cyber criminals gained access to the target’s network and then installed malware that specifically harvested credit card information. In at least one of the attacks, the “threat actors compromised the merchant via a phishing email sent to an employee. The email contained a malicious link that, when clicked, installed a Remote Access Trojan (RAT) on the merchant network and granted the threat actors network access. The actors then conducted reconnaissance of the corporate network, and obtained and utilized credentials to move laterally into the POS environment.”
In the second type of attack, magnetic swipe cards were targeted, although chip-based cards were not.
Ultimately, Visa concludes by expressing concern that cyber criminals are increasingly targeting brick-and-mortar businesses, and fuel stations in particular, with relatively sophisticated attacks. These attacks are much more involved than simply skimming credit card information via pay-at-the-pump terminals. Visa recommends fuel stations moved to chip readers as soon as possible to increase security.