Just as online shoppers look forward to big sale days to grab deals, cybercriminals prey on e-commerce sites to trick unwitting shoppers. E-commerce websites are often a primary target for scams like web skimming or e-skimming from Magecart attackers. As we’re in the middle of International Fraud Awareness Week (November 14-20), it’s essential to acknowledge the security measures required to defend against online fraud.
International Fraud Awareness Week
International Fraud Awareness Week was first organized by the Association of Certified Fraud Examiners (ACFE) in 2012 to mitigate the impact of online fraud. Since then, several organizations worldwide have partnered with the ACFE to participate in International Fraud Awareness Week during Nov. 14-20 every year to promote anti-fraud awareness and education.
In view of the International Fraud Awareness Week, let’s take a look at the top cyberthreats impacting e-commerce websites:
- Be vigilant about the information you share to complete the payment process.
- Cancel the transaction if you feel the site is collecting more information than required.
- Fill out what is necessary at the checkout page and remember not to save your payment information on the site.
- Ensure you delete your previously stored payment details from the account, as the data may fall into the wrong hands if your account gets hacked.
2. Brute Force Attacks
Sensitive credentials like usernames and passwords are like goldmines to hackers, who often leverage stolen/leaked credentials to break into users’ online accounts to steal confidential data like payment card details or make fraudulent purchases. Hackers also often rely on brute-force attacks to guess the passwords of targeted accounts, drawing their guesses from dictionaries or common word combinations.
Enabling robust authentication procedures like two-factor authentication (2FA), multi-factor authentication (MFA), and zero-trust models can mitigate brute-force attacks.
Phishing is the most common attack vector that scammers use to perform various malicious activities such as deploying malware, stealing users’ personal data, and harvesting credit/debit card details. Attackers create and circulate numerous fraudulent or fake online shopping sites to trick users into purchasing counterfeit/non-existent products.
Earlier, the Federal Trade Commission (FTC) claimed the number of complaints about online shopping scams has increased, and victims have lost a total of $420 million since 2015. The commission received more than 86,000 complaints related to online shopping issues in 2019. The FBI received several complaints from victims stating they had not received items they purchased and were led to fraudulent websites via ads on social media platforms or while searching for specific items on online shopping pages.
- Research the retailer to confirm its legitimacy: check the website’s contact details on the “Contact Us” page, specifically the address, email, and phone number.
- Be wary of online retailers offering goods at significantly discounted/unrealistic prices.
- Be wary of online retailers who use a free email service instead of a company email address.
- Do not click on suspicious URLs on shopping sites; they could be malicious.
In tandem with shopping habits, cybercriminals have evolved. Adversaries leverage different techniques like social engineering to deceive and mislead online shoppers. It is our responsibility to be vigilant and practice proper cyber hygiene while shopping online.