Hackers use employee impersonation techniques to breach retail security systems

Mandiant, a branch of the computer security firm FireEye, has released its annual security trends report, which says that hackers are now impersonating retail employees to gain access to internal networks.

"Where money goes, criminals will follow," the report reads. "Retailers have always been in the crosshairs of financially motivated cyber criminals. We saw no change to this in 2014. While attackers used some new techniques and grabbed more headlines, their playbook remained largely consistent with what we have observed over the last few years."

The latest method cybercriminals are using to breach retail security is an updated version of a classic phishing scheme, tailored to target businesses. Hackers send communications posing as company employees in order to elicit sensitive login information. For example, they will often write emails impersonating individuals from the IT department and ask employees to update their login credentials by accessing a certain link or forwarding personal data.

The cybercriminals can then use that information to log in to a company's computer system as an employee with valid security credentials. From there, the hacker has access to the entire network, unless the business has established further internal security barriers.

The study reported that, in 2014, hackers impersonated IT staff in 78 percent of phishing schemes targeting businesses, compared to 44 percent the year before. This upward trend shows that employees are often the weakest link in a company's security plan, and that a thorough employee security briefing is necessary for a company to be adequately defended.

If you're concerned about your company's security status, consider upgrading your card processing software so you can rest assured that your customers are protected.
