It’s strange these days to imagine someone driving to a physical store to purchase a cell phone or some type of trendy gadget. Ever since virtual stores—also known as e-commerce—have become popular, it’s been much easier (and often cheaper) to buy consumer products. You just go to the site, choose the item you want and pay using a payment card, bank transfer or credit card. Social networks and reviews on specialized webpages help with choices and play the role of store clerk whenever the consumer has questions.
But it’s not all rosy. Since the dawn of humankind, merchants have constantly had to deal with robbery, shoplifting and fraud. We have had no reason to believe that on the Internet things would be any different. With the advent of e-commerce, specific cyber security risks have also arisen within that industry. Since it’s increasingly easy to create a virtual store, merchants don’t always respect the basic principles of cyber security.
It’s easy to understand why e-commerce was the second-leading target for phishing attacks in 2018. With 6,000 occurrences identified by Axur, this sector trailed only the financial segment, which registered an incredible 10,000 threats. Virtual stores are easy and lucrative targets for cybercriminals, who are using a series of techniques that cause both material and non-material damage (especially for small sites, which are often developed with little diligence and without the solutions necessary for digital data protection).
There are several reasons why e-commerce is so attractive for those wanting to carry out scams online. Let’s look at a few examples:
Together, those factors (and a few others) make e-commerce a true pot of gold for those who want to make easy profits by injuring third parties on the Internet. The characteristics of this sector make it seductive even for those who are just getting started in the world of cybercrime, since many of the scams don’t require great ability or technical knowledge to be carried out.
Take phishing on e-commerce for example. There, the criminal just needs to build or buy a ready-made fake screen that perfectly simulates the targeted store’s product page. Then all that’s needed is to send an email inviting victims to access that screen and encourage them to purchase the item (that doesn’t even exist). All the money goes to the scammer, while the consumer will wait forever for their purchase to be delivered. This situation damages both the Internet user and the digital presence of the real store.
Exploitation of gift cards is also becoming increasingly common. Since it’s not necessary to prove your identity in order to use them, they can be stolen, sold and exchanged on the deep web. These days, the most skilled criminals can counterfeit a store’s gift cards indefinitely if they manage to learn the algorithm used by the retailer to generate the theoretically random codes on each card. It’s a scam that can cost the enterprise millions in financial losses.
Other common tactics that we can mention include automatic SMS verification (which is nothing more than two-factor authentication done via text messages to identify a customer), exploitation of a site’s structural breaches (which exist, again, due to the lack of concern for digital security in the store’s development) and even the use of administrator credentials to invade a site’s systems. These credentials can be acquired through leaks, through brute-force attacks, or through credential stuffing.
These dangers are exactly why it’s so important to monitor all possible Internet channels—open and closed, on the surface as well as on the deep web—to identify possible threats before they actually cause financial losses or non-material damage to your company. Axur’s solutions are here to help you with that, issuing notifications should anything related to your brand be detected (a leak, a voucher counterfeiting service, or even a simple discussion over how to take advantage of a breach in your systems). Contact us and find out how we can help you be set free from cybercriminals!