As holiday shoppers take advantage of the convenience of online shopping, a Zeus botnet is targeting credit-card account holders who shop at several major US retailers, including Macy's and Nordstrom.
NBT Bank has learned that the malware or virus is designed to steal credit card information, probably in order to conduct card-not-present (CNP) fraud. The attack is using a Zeus 18.104.22.168 botnet, which is the latest and most sophisticated version of the Zeus malware platform. The Zeus malware now takes additional steps to circumvent anti-fraud measures. The attack uses social engineering to gather additional information beyond the credit card number that will make it easier for the criminal to bypass fraud detection measures used to investigate suspicious transactions.
CNP fraud takes place in transactions where a credit card is not physically present at the point of sale, as in an internet, mail or phone purchase. In this particular attack, social engineering is used after an infected user logs on to one of the targeted retailers' card services websites, where the botnet causes a man-in-the-middle-style pop-up that says: "In order to provide you with extra security, we occasionally need to ask for additional information when you access your account online. Please enter the information below to continue."
In the pop-up window, the user is asked to enter several pieces of sensitive information, such as credit or debit card number, CVV code, social security number, date of birth and mother's maiden name.
NBT Bank reminds all customers to use extreme caution when making online purchases, not only for the holidays, if retailers are asking for sensitive information. You should always ensure your anti-virus and anti-malware security is current and up to date.
If you have any questions or concerns, please feel free to reach out to one of our NBT Bank Customer Service Representatives at 1-800-NBT-BANK (628-2265).