Manager tricked into downloading POS malware by phoney IT staffer

Usually we don’t report breaches of foreign organizations unless there’s a Canadian angle, but we want to draw attention of infosec pros to a news story about how a Texas branch of a taco restaurant chain was scammed through a nasty spear phishing attack detected last week.

According to a television news report, the Abilene police fraud squad says a hacker spoofed an email from an IT employee to the store’s manager, who was asked to download a program on a computer connected to the restaurant’s point of sale systems. The program was malware that infected the POS, enabling the thief to get credit card information between July and Sept. 1.

More than 2,000 people may have been victims. The credit card numbers were quickly sold online to criminals who used them to make purchases all across Texas.

Several things from this incident:

–it’s yet again another example of why awareness training is so important to all staff members, including managers.That training has to emphasize that email should be treated with suspicion;

–the target was an outlet of a franchised chain — in other words, a small business. Retail small business be warned: You are targets, too;

–the news story doesn’t make it clear if the chain’s head office provides IT support, or if that is the responsibility of each outlet owner. I assume a franchised chain mandates franchisees use certain software, but it may allow each outlet to buy their own compatible hardware (such as POS terminals) as long as they meet certain standards. If so  IT support can be a mixture of central and local providers. In such cases franchise head offices have to educate franchisees on secure procedures;

–the issue isn’t whether credit card information is easier to get at in the U.S. than Canada. The issue is if someone can be tricked into downloading POS malware they can be tricked into downloading other kinds of malware;

–a pat on the back to the local police force for publicly divulging how the breach was committed. We need more of this from victim organizations so word can spread on what to look out for.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now