Learning Objectives
By the end of this chapter, you will be able to:
- Identify the major security threats in e-commerce.
- Define malware, phishing, and denial-of-service attacks.
Major Security Threats in E-commerce
Several major types of threats can affect an e-commerce site:
- Malicious Code (Malware): Includes viruses, worms, and Trojan horses that can damage your computer, steal data, or disrupt the operation of a website.
- Phishing: A type of social engineering where an attacker sends a fraudulent email or creates a fake website to trick a user into revealing sensitive information, such as passwords or credit card numbers.
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: An attempt to make a website or network resource unavailable to its intended users by overwhelming it with a flood of traffic.
- Data Breaches: The unauthorized access and theft of sensitive data, such as customer credit card information.
Summary
The e-commerce security environment is filled with threats. These include malicious code (malware) that can infect systems, phishing attacks that trick users into giving up sensitive information, and denial-of-service attacks that can shut down a website. Protecting against these and other threats is a critical task for any online business.
Key Takeaways
- Major e-commerce threats include malware, phishing, and DoS attacks.
- Phishing is a social engineering attack designed to steal user credentials.
- A DoS attack aims to make a website unavailable by overwhelming it with traffic.
Discussion Questions
- What are the signs that an email might be a phishing attempt?
- Why would someone launch a denial-of-service attack against a website?
- What is the difference between a DoS and a DDoS attack?
Security Threats in the E-commerce Environment
E-commerce businesses face a wide variety of security threats. These threats can be broadly categorized as follows:
1. Malicious Code
Malicious code, also known as malware, is a type of software that is designed to harm or disrupt computer systems. Malware can take many forms, including viruses, worms, and Trojan horses.
2. Phishing
Phishing is a type of online fraud in which criminals impersonate legitimate organizations, such as banks or e-commerce sites, in an attempt to trick people into revealing sensitive information, such as passwords and credit card numbers.
3. Hacking
Hacking is the unauthorized access to a computer system. Hackers may be motivated by a variety of factors, including financial gain, revenge, or simply the challenge of breaking into a secure system.
4. Cybervandalism
Cybervandalism is the act of electronically defacing an existing website. This can include everything from changing the text on a page to deleting the entire site.
5. Data Breaches
Common Security Threats in Nepal
Nepali e-commerce businesses and consumers are facing a growing number of security threats. Some of the most common threats include:
- Phishing: Phishing attacks are becoming increasingly common in Nepal. These attacks often target the customers of banks and digital wallets, and they are designed to steal sensitive information, such as passwords and credit card numbers.
- Social Engineering: Social engineering is a type of attack in which criminals use psychological manipulation to trick people into revealing sensitive information. This is a common tactic used in Nepal to gain access to social media accounts and online banking credentials.
- Data Breaches: There have been a number of high-profile data breaches in Nepal in recent years. These breaches have exposed the personal and financial information of millions of people. For example, in 2017, a major ISP in Nepal suffered a data breach that exposed the personal information of over 1.5 million customers.
- Malware: Malware is a major threat to e-commerce businesses in Nepal. It can be used to steal sensitive information, to disrupt business operations, and to damage a company’s reputation.

