How to secure your data in online commerce

Holidays are celebrations not only for family, but also for data thieves

Easter is just around the corner. For many people, the upcoming holidays mean a break and relaxation in stressful times. Even if you have agreed with your loved ones not to give each other anything, you may still want to give a little something. The purchase is quite simple: your partner, child or friend may drop hints about what they would like, or you guess what might please them, and off you go: look for the product, compare prices, order and receive the order confirmation. Sounds relaxed and easy, doesn't it? Yes, but is it safe?

Not at all. In particular, switching from popular service providers to supposedly cheaper ones can be an enormous danger for your data. The consequences can be grave: in addition to the theft of your most sensitive data and your money, the end device can also be affected, for example by ransomware. But web store providers are not free from attacks either. First things first, though.

Dangers for operators

"Small" website operators in particular run the risk of getting caught in criminals' nets again and again. This can already happen during the purchasing process. The vast majority of small traders buy their goods on eBay, because eBay offers many products in bulk and the price is relatively low. This is where attackers come in: they offer cheap goods and collect the money, but never send the goods. The money is gone and, in the worst case, so is the online store. But there are other dangers lurking in cyberspace!

Even larger operators are afraid of DDoS attacks, which can cripple a website and make it unavailable. But what exactly is this kind of attack, and what does DDoS stand for? The last question is easily answered: DDoS stands for Distributed Denial of Service. A DDoS attack consists of several thousand, sometimes tens of thousands, of independent devices that call up a website simultaneously and thus crash the server, so that the site is no longer accessible. But why do thousands of devices access a website at the same time? Did the users agree to play a macabre joke? Unfortunately, no. The sad truth is that many users have been infected with malware and their devices are now being misused for such a DDoS attack.

A less common attack is at least as damaging as the DDoS attack just described: the brute force attack. In a brute force attack, an attacker does everything possible to obtain login information. This is usually done with the help of software that tries out various combinations of email addresses and passwords. The target of such an attack is usually the backend. If attackers have access to a backend, they can do whatever they want, such as stealing customer information or placing malicious code on the site to infect visitors.
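Operators can spot this pattern in the backend's login log. The following added example (not part of the original article) flags source IPs with repeated failed logins inside a short window and notes any successful login that follows. The log format, threshold and function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample backend login log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-03-28T10:00:01 203.0.113.7 admin@shop.example FAIL
2024-03-28T10:00:02 203.0.113.7 admin@shop.example FAIL
2024-03-28T10:00:03 203.0.113.7 admin@shop.example FAIL
2024-03-28T10:00:04 203.0.113.7 admin@shop.example FAIL
2024-03-28T10:00:05 203.0.113.7 admin@shop.example OK
2024-03-28T10:05:10 198.51.100.23 anna@shop.example FAIL
2024-03-28T10:05:11 198.51.100.23 ben@shop.example FAIL
2024-03-28T10:05:12 198.51.100.23 carl@shop.example FAIL
2024-03-28T10:05:13 198.51.100.23 dora@shop.example FAIL
2024-03-28T10:07:00 192.0.2.50 anna@shop.example FAIL
2024-03-28T10:07:20 192.0.2.50 anna@shop.example OK
""".splitlines()

def detect_bruteforce(lines, max_failures=4, window=timedelta(minutes=1)):
    """Flag source IPs with >= max_failures failed logins inside `window`."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) of recent failures
    flagged = {}                 # ip -> {"pattern": ..., "logins_after_alert": [...]}
    for line in lines:           # lines are assumed to be in chronological order
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the monitor
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        ip, account, result = parts[1:]
        if result == "OK":
            # A success from an already-flagged source may mean a guessed password.
            if ip in flagged:
                flagged[ip]["logins_after_alert"].append(account)
            continue
        failures = recent[ip]
        failures.append((ts, account))
        while ts - failures[0][0] > window:
            failures.popleft()  # drop failures that fell out of the window
        if len(failures) >= max_failures and ip not in flagged:
            accounts = {acc for _, acc in failures}
            pattern = "one account" if len(accounts) == 1 else "many accounts"
            flagged[ip] = {"pattern": pattern, "logins_after_alert": []}
    return flagged

if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged source with a non-empty `logins_after_alert` list is the case to investigate first, since the account named there may already be in the attacker's hands.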

When a website is "infected" by malware, it is called a malware infection. Such an infected website is the most common danger for e-commerce companies and their users. Malware is just an umbrella term for various types of malicious software: ransomware, spyware, viruses, Trojans. All of this makes the hairs on the back of your neck stand up in fear. Most of these threats act in both directions, against the website operator and against the website visitors. For example, visitors to the website can get infected with ransomware and lose their data, but the online store can also fall into the hands of extortionists because of this malware.

Dangers for users

Of course, it is not only the operators who are in danger. Customer data, especially personal data such as bank details and addresses, is particularly interesting for attackers. While a malware-infected site harms both sides, a site affected by a DDoS attack is simply not accessible, which is then a stroke of luck: if you can't get to a website, it's hard to lose your data there.

But if you find yourself on a site, you should make sure that you are on the safe side, in the truest sense of the word. A look at the imprint is always a good indication of whether it is a safe site or whether there are fraudsters behind it. You should also make sure that the site has an SSL certificate and that the connection is encrypted. After that, turn a sharp eye to the details: how are the products described, in continuous text, in keywords or not at all? Are social media channels linked, and if so, what does the hover text say when you hover the mouse pointer over the icon? What payment terms are specified, only PayPal or others such as bank transfer, purchase on account or Klarna? What personal data are you asked to provide, and can you pay without an account? It is also worth taking a look at Google: what can you find about the company, for example on rating platforms? Can you find employees on LinkedIn, and do these employees match those named in the imprint?

If you become unsure at any point in your buying process, we recommend that you cancel the purchase and leave the website immediately. Your data is more important than any gift. We hope we have given you a good guideline to feel safe while shopping.

Do you have any questions about e-commerce security or our services? Then please don't hesitate to contact us. We wish you and your loved ones peaceful and contemplative Easter days!

Please stay healthy,

your team from QUANTUM cyber lab AG


