Cyber-Crimes Likely to Surface During Holidays: 10 Common Scenarios

 
 
By Chris Preimesberger  |  Posted 2013-12-13

A successful holiday shopping season often means the difference between black and red ink on the bottom line for an online business. In an October 2013 study conducted for RSA Security by the Ponemon Institute, respondents reported an average 55 percent boost in daily revenues during high-traffic periods like the last two months of the calendar year. However, the holidays also bring a corresponding spike in cyber-crime, and a company's inability to safeguard its Website can come with a high price tag. In fact, the Ponemon study found that, on average, losses for midrange and larger companies can amount to $500,000 per hour of downtime—or $8,000 for every minute purchases are prevented from being completed. While 64 percent of organizations see significant increases in attack activity at this time each year, nearly 70 percent do not take additional precautions in anticipation of increased attacks. Using research from the Ponemon study, eWEEK examines the cyber-crime scenarios online businesses should watch out for during the holidays.

 
 
 
  • Botnets and Distributed Denial-of-Service Attacks

    It is probably the most common type of cyber-attack: A retailer is targeted by a botnet, and this results in a DDoS attack that brings down the retailer's website or sites.
  • App Store Fraud

    A cyber-criminal masquerades as a merchant and a buyer, and manipulates the open platform of an app store/marketplace for financial gain. The fraudster cashes in on rebates and earns points from credit card incentive programs.
  • Mobility Use Case

    An online merchant looks to expand through mobile platforms and allows customers to access its Websites through smartphones and tablets. Customers are exposed to data-stealing malware that infiltrates their mobile devices and captures account access credentials, which criminals then use or sell.
  • Click Fraud

    An online retailer hires an agency to conduct an online advertising campaign. The agency is paid on a "per-click" basis. However, an outsider with the agency's access enters many thousands of clicks that turn out not to be paid clicks from interested consumers.
  • Testing Stolen Credit Cards

    A cyber-criminal steals hundreds of credit card numbers and uses a merchant's credit or debit payment function to validate active credit cards.
  • Manipulating E-Coupons

    A fraudster does an end-run around an online retailer's pricing policy. He selects a heavily discounted item, places it in the shopping cart, and then delays the check-out. He comes back to the cart later after obtaining an e-coupon and applies the discount to the final purchase price, thus obtaining the item well below the retailer's cost.
  • Account Hijacking

    A successful spear-phishing scam results in a cyber-criminal obtaining the usernames and passwords of a merchant's customers. Customer account information is compromised because the retailer's employees are duped by what appears to be a legitimate internal company email communication. The cyber-criminal launches the campaign by obtaining key employee email addresses directly from the retailer's Website.
  • Electronic Wallet

    A merchant expands customer payment options to include Internet payment methods such as PayPal, Google Wallet, Amazon Checkout and others. A criminal looking for Websites that have recently added Internet payment processes identifies this site and exploits any lack of fully implemented security controls.
  • Mass Registration

    A cyber-criminal creates a fake Website that imitates a legitimate company's Website. Loyal and prospective customers are lured to this bogus Website, where they are asked to provide personal information to register for a promotion or offer. This leads to the theft of sensitive information such as credit-card numbers and addresses.
  • How to Prepare

    To combat attacks during the holiday shopping season, prepare your site by ensuring that you have visibility into attack types such as DDoS at both the network and application layers to maximize your return-on-investment on your Web application. Also, a mixture of navigation and network security is required to properly mitigate these costly attack vectors. Merchants should also monitor the use of all entry points to their site, especially at times of high volume.
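
For the "Testing Stolen Credit Cards" scenario and the advice to monitor entry points, here is an added sketch of velocity detection over payment-authorization logs; it is not part of the original eWEEK article. The log format, field names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authorization log (not real data). Assumed fields:
# timestamp, source IP, tokenized card fingerprint, amount, result.
SAMPLE_LOG = """\
2013-12-13T10:00:00 192.0.2.55 fp_c1 20.00 DECLINED
2013-12-13T10:00:01 203.0.113.7 fp_a1 1.00 DECLINED
2013-12-13T10:00:09 203.0.113.7 fp_a2 1.00 DECLINED
2013-12-13T10:00:17 203.0.113.7 fp_a3 1.00 APPROVED
2013-12-13T10:00:26 203.0.113.7 fp_a4 1.00 DECLINED
2013-12-13T10:00:34 203.0.113.7 fp_a5 1.00 DECLINED
2013-12-13T10:01:00 198.51.100.20 fp_b1 84.50 DECLINED
2013-12-13T10:01:40 198.51.100.20 fp_b1 84.50 DECLINED
2013-12-13T10:02:30 198.51.100.20 fp_b2 84.50 APPROVED
2013-12-13T10:07:00 192.0.2.55 fp_c2 35.00 DECLINED
2013-12-13T10:14:00 192.0.2.55 fp_c3 12.00 DECLINED
2013-12-13T10:21:00 192.0.2.55 fp_c4 50.00 DECLINED
2013-12-13T10:28:00 192.0.2.55 fp_c5 18.00 DECLINED
"""

# Assumed thresholds; tune against your own baseline traffic.
WINDOW = timedelta(minutes=5)
MIN_DISTINCT_CARDS = 5
MIN_DECLINE_RATIO = 0.6

def detect_card_testing(log_text):
    """Map each flagged source to the time it first crossed the thresholds."""
    recent = defaultdict(deque)  # source -> attempts inside WINDOW
    alerts = {}
    for line in log_text.strip().splitlines():
        stamp, src, card_fp, _amount, result = line.split()
        ts = datetime.fromisoformat(stamp)
        attempts = recent[src]
        attempts.append((ts, card_fp, result))
        # Drop attempts that have aged out of the sliding window.
        while ts - attempts[0][0] > WINDOW:
            attempts.popleft()
        cards = {fp for _, fp, _ in attempts}
        declined = sum(1 for _, _, r in attempts if r == "DECLINED")
        # Many different cards, mostly declined, from one source in a short
        # window is the validation pattern; retries of one card are not.
        if (src not in alerts and len(cards) >= MIN_DISTINCT_CARDS
                and declined / len(attempts) >= MIN_DECLINE_RATIO):
            alerts[src] = ts
    return alerts
```

Keying on source IP alone is a simplification in this sketch; the same sliding window can be keyed on session, account or device identifier.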
 
 
 
 
 
 
 
 
 
 
 
