Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attackers Use Email Spam To Infect Point-of-Sale Terminals

Posted by samzenpus on from the protect-ya-neck dept.

jfruh writes: Point-of-sale software has meant that in many cases where once you'd have seen a cash register, you now see a general-purpose PC running point-of-sale (PoS) software. Unfortunately, those PCs have all the usual vulnerabilities, and when you run software on it that processes credit card payments, they become a tempting target for hackers. One of the latest attacks on PoS software comes in the form of malicious Word macros downloaded from spam emails.

2 of 85 comments (clear)

  1. Re:E-mail client? by Whiteox · · Score: 4, Informative

    Email is there in Win XP and later. These POS terminals are full computers with a cash drawer underneath, merchant banking device and card swipe periperhals. They are networked to a local printer and mainly controlled by IT through remote desktop. They are typically in smaller shops with 2 or more terminals. They do stock control, daily cash calculations etc as they replace traditional Z type cash registers.
    Emails are sent by head office to all managers. Intranet and internet are available as well. So yes, they can be infected with spam emails.

    --
    Don't be apathetic. Procrastinate!
  2. Re:Employees think the POS is their personal compu by Antique+Geekmeister · · Score: 4, Informative

    > This is what happens when you have employees who think they have a god given right to surf the internet

    Or when you have an employer mandate to check employee email about store policies, schedules, delivery dates, and inventory, verifying store hours for other branches, verifying alternative vendor prices for price matching, checking the weather for a customer buying exterior paint, looking up a product review or product specifications with a customer, or any of a dozen other uses. It is _embarrassing_ for a modern vendor to be unable to work with a customer checking the same information that the customer can obtain at home on their home computer, or to be unable to print out the specifications for a product that the vendor sells.

    Such terminals have become quite common and are much more necessary now that customers expect one store to be able to verify inventory or reserve an item before proceeding to another physical store. If they cannot do this, they will lose the sale to an online vendor.