Botnets and Distributed Denial-of-Service Attacks
App Store Fraud
Mobility Use Case
Testing Stolen Credit Cards
A fraudster does an end-run around an online retailer’s pricing policy. He selects a heavily discounted item, places it in the shopping cart, and then delays the check-out. He comes back to the cart later after obtaining an e-coupon and applies the discount to the final purchase price, thus obtaining the item well below the retailer’s cost.
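The scenario above can be closed at checkout time. The following is an added example, not code from the original page or from any retailer: it re-prices a cart line from the current catalogue, refuses to stack a coupon on a promotional price, and enforces a cost floor. The names `CatalogItem`, `Coupon`, `price_at_checkout`, the flag strings, the sample SKU and prices, and the policy of clamping to cost are all assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Optional

@dataclass(frozen=True)
class CatalogItem:
    list_price: Decimal
    promo_price: Optional[Decimal]  # None once the promotion has ended
    cost: Decimal                   # retailer's unit cost, used as the floor

@dataclass(frozen=True)
class Coupon:
    percent_off: Decimal
    stackable: bool                 # may combine with a promotional price

def price_at_checkout(sku, price_when_added, catalog, coupon=None):
    """Re-price one cart line at checkout; return (final_price, flags)."""
    item, flags = catalog[sku], []
    # 1. Trust the current catalogue, not the price captured in the cart.
    base = item.promo_price if item.promo_price is not None else item.list_price
    if base != price_when_added:
        flags.append("repriced")
    price = base
    # 2. Stacking policy: a non-stackable coupon cannot ride on a promo price.
    if coupon is not None:
        if item.promo_price is not None and not coupon.stackable:
            flags.append("coupon_rejected")
        else:
            factor = (Decimal(100) - coupon.percent_off) / Decimal(100)
            price = (base * factor).quantize(Decimal("0.01"))
    # 3. Floor (assumed policy): never sell below cost; flag for review.
    if price < item.cost:
        flags.append("below_cost")
        price = item.cost
    return price, flags

# Constructed sample data (hypothetical SKU and prices, not from the page).
D = Decimal
EXPIRED = {"TV-1": CatalogItem(D("500.00"), None, D("320.00"))}
ACTIVE = {"TV-1": CatalogItem(D("500.00"), D("330.00"), D("320.00"))}

if __name__ == "__main__":
    print(price_at_checkout("TV-1", D("330.00"), EXPIRED, Coupon(D(20), False)))
    print(price_at_checkout("TV-1", D("330.00"), ACTIVE, Coupon(D(20), False)))
    print(price_at_checkout("TV-1", D("330.00"), ACTIVE, Coupon(D(20), True)))
```

The returned flags are meant to be logged per order, so repeated `repriced` or `below_cost` hits from one account can be reviewed.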
A successful spear-phishing scam results in a cyber-criminal obtaining the usernames and passwords of a merchant’s customers. Customer account information is compromised because the retailer’s employees are duped by what appears to be a legitimate internal company email communication. The cyber-criminal launches the campaign by obtaining key employee email addresses directly from the retailer’s Website.
A merchant expands customer payment options to include Internet payment methods such as PayPal, Google Wallet, Amazon Checkout and others. A criminal looking for Websites that have recently added Internet payment processes identifies this site and exploits any lack of fully implemented security controls.
A cyber-criminal creates a fake Website that imitates a legitimate company’s Website. Loyal and prospective customers are lured to this bogus Website, where they are asked to provide personal information to register for a promotion or offer. This leads to the theft of sensitive information such as credit-card numbers and addresses.
How to Prepare
To combat attacks during the holiday shopping season, prepare your site by ensuring that you have visibility into attack types such as DDoS at both the network and application layers, so that you maximize the return on investment in your Web application. A mixture of navigation and network security is also required to properly mitigate these costly attack vectors. Merchants should also monitor the use of all entry points to their site, especially at times of high volume.