Online trading attracts fraudsters. How to defend yourself against them?

The Polish e-commerce market has been one of the most dynamically developing in Europe for years, so it is hardly surprising that its sales potential attracts both new players and fraudsters – experts point out. The security threat is not purely theoretical, it is a real risk that translates into real losses. The number of incidents is growing along with the entire market and this is one of the most popular industries targeted by cybercriminals. According to IBM data, the costs of handling attacks and financial losses amounted to an average of USD 4.45 million globally and as much as USD 2.96 million. in the sales and e-commerce industry in 2023** Security breaches not only generate financial losses, but also image losses.

How to protect yourself against fraud on the Internet?

One of such threats may be popular bots, i.e. automatic tools that perform specific actions on websites. Most often, we associate them with supporting business strategies – bots can download data to search engines (which improves the store's positioning), or provide product data for advertising campaigns (such as photo, price and description). However, there are some that harm instead of help. They are often used to illegally download (steal) photos and product descriptions or add negative comments. Unfortunately, there are also more dangerous ones who can create fake accounts and place orders, which may result in blocking and unavailability of products for customers.

Due to the fact that bots use increasingly advanced techniques that imitate real users, protection against them requires equally advanced and dedicated solutions. Among those provided by leading manufacturers, there are those that are able to distinguish real users based on many elements, ranging from location, information about the browser and device, to behavioral behavior – the way and speed of typing on the keyboard, cursor movements, behavior on the website, and on mobile devices, even the way the user holds the phone in his hand – says Damian Kuźma.

The use of security gaps in software that is, e.g., outdated or inadequately secured, may lead to paralysis of the operation of the store, systems or even to the leakage of customer data. An example is the “magecart” attack, which, by exploiting security vulnerabilities in the application, displays false data entry forms (e.g. payment card) to the user on the original website, and then this data is sent externally directly to criminals.

Another type of attack that should be taken into account is DDoS (Distributed Denial Of Service), which results in impeding access to the website or making it completely unavailable. This attack involves the use of hundreds or thousands of computers and servers, the so-called botnet networks that generate huge artificial traffic. Cybersecurity experts pay attention to available methods of protection against this type of attacks. You should equip yourself with a solution that will automatically redirect, filter and block unwanted traffic by the provider of such a system. After such an operation, called “cleaning”, the only traffic generated by real users reaches the application.

What is phishing?

The situation is similar with phishing, i.e. e-mails or text messages with links to fake websites, e.g. information about the required additional payment or redirection of the shipment. These types of attacks are primarily aimed at extorting data (including passwords) or money. Their victims may be both employees and customers. To illustrate the scale: in 2022, CERT Polska received PLN 322,000. reports of phishing campaigns***. Including reports of fake online stores that looked like the real thing (including operation and products) and often very similar-looking addresses****. Unfortunately, it is difficult for administrators to protect users against this, but the company can monitor the Internet itself or equip itself with appropriate tools to detect active phishing campaigns and send warnings to them.

In turn, ransomware attacks are not only the most media-friendly type of attack, but also the ones that companies fear because they generate the greatest financial losses. According to IBM's report, the average cost of handling a ransomware incident was $5.22 million if it was made public by criminals and an average of $1 million less if internal security departments or tools detected it themselves. Such an attack involves the complete paralysis of an organization by encrypting its computers and servers. It always ends with an attempt to extort money for restoring access to the infrastructure and often with threats to share internal company or customer data. Unfortunately, paying the ransom does not always mean that the stolen data will not be published.

There are XDR (Extended Detection & Protection) solutions that help prevent this type of attacks. Their task is to actively monitor the infrastructure in order to recognize and block threats. Combined with SIEM (Security information and event management) systems, security departments gain a unified view of all threats and incidents in the organization, which allows for an even faster response – says Damian Kuźma, Cybersecurity Specialist HackerU Polska. After an attack, the first step is to conduct a full post-intrusion analysis to determine how the attacker entered the company and to ensure that they will not be able to exploit the same vulnerabilities again. To perform such an analysis, we will need insight into the activity history of our network, servers and workstations. Unfortunately, many organizations do not have appropriate tools to collect such data, adds Kuźma.

How to protect yourself on the Internet?

Different threats require different preventive methods. This is due to the high level of sophistication of attacks and there is no single dedicated solution that will provide protection against everything, and none will provide it 100%. Therefore, improving security in an organization involves implementing multiple layers of protection for each critical part of the infrastructure. When choosing a solution, you should pay attention primarily to the experience of the company offering a given solution, references, and the simplicity of using the provided tools. It is also worth checking whether they use artificial intelligence and machine learning solutions, which are very useful in detecting more complex attacks and anomalies.