Visa warns drivers to watch out for ‘concerning trend’ of hacked gas pumps

This post was originally published on this site

Tim Boyle/Getty Images

Hackers have attacked certain gas pumps, according to a new alert from Visa.

While a record-breaking number of Americans are expected to travel to friends and family and getaways this holiday season, they’ll need to be on guard for hackers who might try accessing their personal data along the way.

Certain gas pumps, public cellphone charging stations and free Wi-Fi can be problem spots, experts say — now more than ever. Hackers are increasingly targeting victims in transit: The travel industry is now the second-most attacked industry, up from the 10th spot two years ago, according to IBM IBM, -0.01%   research.

There are some simple precautions that can help you avoid, or at least quickly spot, a cyberattack that could spoil your holiday travel plans.

Compromised gas pumps

Two cyberattacks over the summer targeted the point-of-sale systems on gas pumps in North America, according to a December security alert from Visa V, -0.46%, the payment technology giant. “It is likely these merchants are an increasingly attractive target for cybercrime groups,” according to Visa’s notice.

The hackers exploited network weaknesses, and in one case, gained access through a phishing scam via an email to an employee, the notice said.

Visa’s alert called the gas pump cyber attacks “a concerning trend,” noting the incidents were attacks on internal networks and different from so-called “skimming” schemes. Skimming is when crooks secretly put devices in ATM machines to swipe customer card data.

There isn’t a way for consumers to spot and avoid compromised gas pumps, said Jack Gillis, executive director at the Consumer Federation of America, an association of consumer protection advocacy groups.

But drivers can always use cash, he said. Vigilance is the best bet for people using a credit card, Gillis said. “The only thing you can do to protect yourself is log in to your credit card account on a daily basis to be sure the listed and pending charges are legit,” he said. Immediately notify your credit card company about suspicious charges, he said.

A Visa spokesman told MarketWatch, “consumers won’t be held responsible for unauthorized transactions made with their Visa card. They’re covered if their card is ever lost, stolen or fraudulently used.”

Public Charging Stations

If your cellphone battery is running low at the airport or train station, some places offer charging stations.

That’s a real help, right? Not so much.

Data safety experts and law enforcement authorities say travelers need to beware of “juice jacking.”

Hackers can plant malware in charging stations or cables, they say. Criminals can then lock your device and steal passwords and other sensitive data, according to the Los Angeles District Attorney’s office.

“You’re far better off carrying a cord and a plug if you’re in an airport, and scoping the place for an outlet,” Gillis said. “Public charging stations for cellphones can be a lifesaver. But you should only use them when absolute necessary,” he added.

Another option is traveling with a chargeable external battery. One search through Amazon AMZN, +0.80%   shows starting prices are typically around $20 — just remember to charge the battery first before traveling.

Forty percent of business travelers plug into public USB stations during every trip, or very often, the IBM survey revealed. Almost one-third (28%) of personal travelers do the same thing, the survey added.

Public Wi-Fi

Like charging stations, there can be a hidden cost to free, public Wi-Fi.

In their nasty bag of tricks, hackers can eavesdrop on the digital habits and transactions of someone using the free network. Security on the networks can be “lax or nonexistent,” according to the cyber security company NortonLifeLock NLOK, +0.39%  .

The company said another hacker tactic is creating an open Wi-Fi spot that appears to be a valid network, and then viewing the information of everyone who logs on.

Too many people are gambling with their data by using public Wi-Fi, the IBM survey said. Almost half (42%) of business travelers always, or often, connected to the public Wi-Fi and 34% of personal travelers did the same.

If people must connect online, they should access the web using a “virtual private network” (VPN), suggested NortonLifeLock. People should disable auto-connect features and shut off their Wi-Fi or Bluetooth features when not in use. They should also hold off on going to websites with sensitive personal data — like a bank’s website — until they can do it from a secure network.

“You’re always taking a bit of risk with free Wi-Fi,” Gillis said.

Shares of Visa have been up 40% this year to date, compared to a 21% gain for the Dow Jones Industrial Average DJIA, +0.26%   and a 27% increase for the S&P 500 Index SPX, +0.12%

More from MarketWatch