Top cybersecurity threats for eCommerce businesses

eCommerce is changing the business landscape. In the retail industry, specifically, it’s making a significant impact on how people shop. Previously, sellers needed a physical store to sell things. Now, online shopping has become the new trend, and it accounted for almost 10% of total 2019 retail sales in the United States.

Cybercriminals are also taking note of the rise of online stores. Online stores are especially vulnerable to threats because they store all the personal and financial details of their customers digitally. These details include bank account and credit card information, email and mailing addresses, and login credentials. Hackers can use the acquired data for financial and identity fraud, or hold sensitive data for ransom.

If you own an eCommerce business, you should be informed of how to protect yourself from these threats. Let’s take a look at some of them:

#1. Phishing

Phishing is a fraudulent attempt in which an attacker sends hoax emails, calls, or text messages that distribute links to spoofed login pages or malware-laced attachments, with the aim of exfiltrating login credentials or personal and financial information from victims.

According to Phishlabs’ 2019 Phishing Trends and Intelligence Report, corporate users were the most susceptible to eCommerce-based email lures. In their simulation study, 27% of the respondents clicked on the phishing email, possibly exposing confidential data such as purchase confirmations and shipping information, among others.

Business email compromise (BEC) is one of the most effective phishing tactics. In BEC, attackers compromise or fake official company accounts to conduct unauthorized fund transfers. After all, if the email seems to come from a legitimate entity, like a co-worker or a company executive, the email recipient will be more likely to comply with the requests.

Let’s say an employee receives an email that is purportedly from a co-worker asking to verify a customer transaction. It contains a fraudulent link that will ask the recipient to log in to their company’s account. If the user enters their login credentials, cybercriminals would be able to access the account and steal customers’ information.

To prevent phishing attacks, teach your employees to always verify the authenticity of the sender’s email address. They should not click on suspicious links and attachments, as these may launch malware or other similar attacks on your system. Implementing multifactor authentication (MFA) can also help you reduce phishing attacks. MFA makes use of multiple ways to verify a user’s identity, such as a one-time smartphone code, or biometrics like fingerprints or facial recognition. This way, even if cybercriminals get ahold of a user’s credentials, their login attempt would be futile without fulfilling the other verification steps.
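The sender check described above can also be automated at the mail gateway. The following is an added example, not part of the original article: it flags messages whose display name, Reply-To address, or authentication results do not match the claimed sender. The domain `shop.example` and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "shop.example"  # assumption: your own mail domain (hypothetical)

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw_message):
    """List the reasons a message's claimed sender should not be trusted."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    # Only meaningful when this header was added by your own receiving server.
    auth = (msg.get("Authentication-Results") or "").lower()
    warnings = []
    if from_dom != COMPANY_DOMAIN and COMPANY_DOMAIN in display.lower():
        warnings.append("display name mentions the company but the address is external")
    if reply_dom and reply_dom != from_dom:
        warnings.append("replies go to a different domain than the sender's")
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            warnings.append(f"{check.upper()} check failed")
    return warnings

# Constructed sample messages (not real mail).
LEGIT = """\
From: Dana Reyes <dana@shop.example>
To: sam@shop.example
Subject: Please verify order 1042
Authentication-Results: mx.shop.example; spf=pass; dkim=pass; dmarc=pass

Can you confirm this transaction?
"""

SPOOFED = """\
From: "Dana Reyes via shop.example" <dana@shop-example.test>
Reply-To: billing@mailbox.test
To: sam@shop.example
Subject: Please verify order 1042
Authentication-Results: mx.shop.example; spf=pass; dkim=none; dmarc=fail

Log in here to confirm this transaction.
"""

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, sender_warnings(raw))
```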


#2. Distributed denial-of-service (DDoS) attacks

DDoS is another dangerous threat in which a hacker uses thousands of different computers to target an internet-accessible system and flood it with connection requests. Once traffic becomes too much to handle, the system will crash and become unusable.

For an eCommerce business that relies on the internet for profit, this is a particularly alarming threat. In the event that your online store suffers from a DDoS attack, your regular customers will likely experience difficulty accessing your website. A few users will be able to get in, but because of the high traffic, they will experience problems using the site. Others will not be able to access your website at all, affecting your sales as a result.

To make it as difficult as possible for cybercriminals to launch DDoS attacks on your website, make sure that you spread your servers across multiple data centers with a good load balancing system to evenly distribute traffic. These data centers should be in different countries, or at least in different regions of a country. This way, even if one server is taken down, the others can quickly take over. This ensures a smooth shopping experience for your customers on your website.

#3. Card skimming

As payment card companies switch to more secure credit and debit cards, criminals are also improving their strategies. It has become harder to infect point-of-sale (POS) systems in brick-and-mortar stores, so cybercriminals are targeting eCommerce websites.

In May 2019, a credit card skimming attack was carried out on multiple online campus stores in the US and Canada. The cybercriminals injected the websites with skimming malware that scrapes credit card information and personal details as soon as a customer checks out their order. The stolen information is then sent to a server where the cybercriminals can exploit the data for their own gain.

The best protection from online skimming attacks is the adoption of a layered defense. Regularly patch your operating system (OS) and install the latest security updates for your antivirus and anti-malware software. Restrict file access to only what is needed by your employees as well.
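One way to spot an injected skimmer of the kind described above is to audit which scripts the checkout page loads. This is an added example, not code from the original article; the host names, the allowlist, and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

OWN_HOST = "shop.example"  # assumption: your store's host name (hypothetical)
# Assumption: hosts the checkout page is expected to load scripts from.
ALLOWED_SCRIPT_HOSTS = {OWN_HOST, "js.payments.example"}

class ScriptAudit(HTMLParser):
    """Record findings about external <script> tags in a page."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attrs = dict(attrs)
        src = attrs.get("src")
        if not src:
            return  # inline scripts are out of scope for this check
        host = urlparse(src).hostname or OWN_HOST  # relative URL: own site
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(f"unexpected script host: {host}")
        elif host != OWN_HOST and "integrity" not in attrs:
            self.findings.append(f"no integrity hash on script from: {host}")

def audit_checkout(html):
    """Return a list of findings for the given checkout page HTML."""
    parser = ScriptAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample page (not from a real store).
CHECKOUT_HTML = """
<form action="/pay"><input name="card-number"></form>
<script src="/static/cart.js"></script>
<script src="https://js.payments.example/v3.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="https://js.payments.example/widgets.js"></script>
<script src="https://cdn-analytics.test/collect.js"></script>
"""

if __name__ == "__main__":
    for finding in audit_checkout(CHECKOUT_HTML):
        print(finding)
```

This only inspects the HTML as served; a Content-Security-Policy `script-src` directive enforces the same allowlist inside the customer's browser.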

#4. Man-in-the-middle attacks (MITM)

In this attack, an attacker listens in on a user’s communication with your website, then uses what they capture to steal confidential information or pretend to be someone from your organization.

For instance, if a customer transacts with you using an unprotected Wi-Fi network, hackers can easily intercept the connection and communicate with the user pretending to be your business.

A Secure Sockets Layer (SSL) certificate can prevent MITM attacks by ensuring that the user’s web browser connects to a legitimate website. The website provides the user’s browser with a certificate issued by a trusted authority. Only then does the browser trust the website’s security.

If an attacker pretends to be your eCommerce website without a valid certificate, for example, the user’s browser won’t establish a trusted connection. The web browser will then ask the user to be wary of making transactions on the site as it may not be safe to do so.
