
Unit 4.2

Major E-commerce Security Threats

IT 204: E-Commerce

Learning Objectives

By the end of this chapter, you will be able to:

  • ✅ Identify the major security threats in e-commerce.
  • ✅ Define malware, phishing, and denial-of-service attacks.
  • ✅ Recognize the signs and impact of common cyber attacks.

The E-commerce Threat Landscape

The digital environment is filled with threats that can compromise an online business. Understanding these is the first step toward effective defense.

  • 🎯 Threats target valuable data (customer info, payment details).
  • 🎯 Attacks can disrupt business operations, leading to financial loss.
  • 🎯 Security breaches erode customer trust and damage brand reputation.

Threat 1: Malicious Code (Malware) 🐛

Malware: Software designed to harm or disrupt computer systems, steal data, or gain unauthorized access.

Viruses

Attach themselves to clean files and spread through the system, often corrupting data.

Worms

Self-replicating programs that exploit network vulnerabilities to spread to other computers.

Trojan Horses

Disguised as legitimate software to trick users into installing them, creating a backdoor for attackers.

Threat 2: Phishing 🎣

Phishing: A social engineering attack using fraudulent emails or websites to trick users into revealing sensitive information.

How It Works

  • Impersonates a trusted entity (bank, e-commerce site).
  • Creates a sense of urgency or fear.
  • Directs user to a fake website to enter credentials.

What Attackers Want

  • Usernames & Passwords
  • Credit Card Numbers
  • Bank Account Details
  • Personal Identifying Information

🔍 Anatomy of a Phishing Email

Example: "Urgent Action Required"

From: NpBank Support <support-np@security-update.com>

Subject: Security Alert: Your Account Has Been Limited


Dear Valued Customer,

We detected unusual activity on your account. For your protection, we have temporarily suspended it. Please verify your identity immediately to restore access.

Click here to login and verify your details.

Thank you,
The NpBank Security Team

  • Red Flag 1: Non-specific greeting ("Valued Customer").
  • Red Flag 2: Suspicious sender email address.
  • Red Flag 3: Creates a false sense of urgency.
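The three red flags above can be checked mechanically. The following is an added example, not part of the original slides: a small Python checker that applies them to the sample email. The message text is constructed from the slide, and the brand's legitimate domain (passed in as `legit_domains`) is a hypothetical placeholder.

```python
import re  # added example, not from the slides; sample message and domains are constructed
# Constructed sample: the "Urgent Action Required" message from the slide above.
SAMPLE_EMAIL = """From: NpBank Support <support-np@security-update.com>
Subject: Security Alert: Your Account Has Been Limited

Dear Valued Customer,

We detected unusual activity on your account. For your protection, we have temporarily suspended it. Please verify your identity immediately to restore access.

Click here to login and verify your details.

Thank you,
The NpBank Security Team
"""
GENERIC_GREETINGS = ("valued customer", "dear customer", "dear user", "account holder")
URGENCY_WORDS = ("immediately", "urgent", "suspended", "limited", "within 24 hours")

def parse_email(raw):
    """Split a raw message into (headers dict keyed by lowercase name, body)."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body

def sender_domain(from_header):
    """Domain of the address in a From: header such as 'Name <user@host>'."""
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header
    return addr.rsplit("@", 1)[-1].strip().lower()

def phishing_red_flags(raw, claimed_brand, legit_domains):
    """Return the slide's three red flags that the message triggers, in order."""
    headers, body = parse_email(raw)
    sender = headers.get("from", "")
    flags = []
    # Red flag 1: greeting does not use the recipient's name.
    first_line = body.strip().splitlines()[0].lower() if body.strip() else ""
    if any(g in first_line for g in GENERIC_GREETINGS):
        flags.append("non-specific greeting")
    # Red flag 2: display name claims the brand, but the address is off-brand.
    domain = sender_domain(sender)
    if claimed_brand.lower() in sender.lower() and domain not in legit_domains:
        flags.append("suspicious sender domain: " + domain)
    # Red flag 3: urgency wording in subject or body.
    text = (headers.get("subject", "") + " " + body).lower()
    if any(w in text for w in URGENCY_WORDS):
        flags.append("false sense of urgency")
    return flags
```

Calling `phishing_red_flags(SAMPLE_EMAIL, "NpBank", {"npbank.example"})` flags all three; a plainly addressed message from the real domain flags none.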

Threat 3: Denial-of-Service (DoS) Attacks ⚡

DoS Attack: An attempt to make a website or network resource unavailable to its intended users by overwhelming it with a flood of traffic.

Denial-of-Service (DoS)

  • Single source of attack traffic.
  • Aims to exhaust the server's resources.
  • Relatively easy to block by identifying and filtering the single source IP.

Distributed DoS (DDoS)

  • Traffic comes from multiple sources (a "botnet").
  • Much larger scale and harder to defend against.
  • Difficult to distinguish legitimate user traffic from attack traffic.

Other Significant Threats 📊

Data Breaches

The unauthorized access and theft of sensitive, protected, or confidential data. This can include customer credit card information, personal details, and business secrets.

Impact: Severe financial loss, regulatory fines, and catastrophic reputational damage.

Cybervandalism

The act of electronically defacing an existing website's pages, changing content, or even deleting the entire site. The motivation is often to disrupt business or make a political statement.

Impact: Erodes customer trust and can cause immediate loss of sales.

🇳🇵 Practical Application: Threats in Nepal

Nepali e-commerce businesses and consumers face a growing number of security challenges.

  • Phishing & Social Engineering: Attacks are increasingly common, targeting customers of banks and popular digital wallets like eSewa or Khalti to steal credentials.
  • Data Breaches: High-profile incidents highlight the vulnerability of local systems.

    Real-World Example: In 2017, a major Nepali ISP suffered a data breach that exposed the personal information of over 1.5 million customers.

  • Malware: A persistent threat used to steal sensitive business data, disrupt operations, and damage a company's hard-earned reputation.

Key Takeaways 🎯

The primary e-commerce threats are malicious code (malware), deceptive phishing attacks, and overwhelming DoS/DDoS attacks.

Phishing is a form of social engineering that preys on user trust to steal credentials and financial information.

A DoS/DDoS attack's goal is to shut down a website by flooding it with more traffic than it can handle, making it unavailable to legitimate customers.

🗣️ Discussion Questions

  1. What are the common signs that an email might be a phishing attempt?
  2. Why would an attacker launch a denial-of-service attack against an e-commerce website?
  3. What is the key difference between a DoS and a DDoS attack, and why does it matter for defense?

Thank You

Next Up: Unit 4.3 - Technology Solutions for E-commerce Security
