The Zeus Trojan: How Online Retailers Can Protect Themselves From the Latest Malware ThreatOctober 10, 2012 By Andreas Baumhof
Online retailers are sadly familiar with the risks posed by malware attacks. In recent years, fraudsters have targeted e-commerce providers with malware designed to deliver access to customer data and other restricted information. Now, cybercriminals are ramping up their attacks with new variants of the Zeus Trojan — advanced malware that allows criminals to seamlessly intercept customer data at the time of checkout.
Whether you're a major brand retailer or a small e-commerce provider, the latest generation of malware threats against online retailers needs to be taken seriously. More than ever before, you need to know how to protect your company and your customers from Zeus and other advanced malware attacks.
Zeus and the Latest Wave of Malware Threats
Cybercriminals are constantly looking for new ways to access customer data. They routinely adapt malware to circumvent automatic detection protocols. The latest variant of the Zeus Trojan is particularly insidious because it lurks in the shadows, allowing an online retailer's website to appear to be functioning normally. Once the victim logs in, the Zeus Trojan springs to life and attempts to capture their protected data.
In a recent attack against a major department store brand, Zeus triggered a pop-up window that appeared at checkout, asking customers to re-enter their loyalty card information. Since the prompt appeared after customers accessed the retailer's website, most didn't recognize it as a fraudulent threat and willingly submitted their loyalty card information to cybercriminals.
For online retailers, the real danger is that the Zeus’ bogus pages and information requests appear to be legitimate. In some instances, Zeus attacks are even personalized with the victim's name, deepening the illusion that the action is an authentic request from the retailer.
Best Practices for Online Retailers
Staying on top of the latest malware threats isn't easy, not even for highly informed online retailers. There are several things you can do to protect your business from Zeus and other advanced malware threats. Consider the following best practices:
1. Customer education: One of the best ways to protect customers from the latest variants of the Zeus Trojan and other online attacks is to educate them about the ways cybercriminals use malware to access personal information. For example, if you find that customer loyalty data is being targeted by fraudsters, leverage on-site messaging to inform customers that your company will never require them to resubmit their information via a pop-up.