Most Common Security Threats of E-commerce
Phishing
- Deceptive online attempt to obtain confidential information
- Social engineering, e-mail scams, spoofing legitimate Web sites
- Use information to commit fraudulent acts (access checking accounts), steal identity
Hacking and cybervandalism
- Hackers vs. crackers
- Cybervandalism: intentionally disrupting, defacing, destroying Web site
- Types of hackers: white hats, black hats, grey hats
- Original hackers created the Unix operating system, helped build the Internet, Usenet, and World Wide Web, and used their skills to test the strength and integrity of computer systems
- Over time, the term hacker came to be applied to rogue programmers who illegally break into computers and networks
- Hacker underground
Credit card fraud/theft
- Fear of stolen credit card information deters online purchases
- Hackers target merchant servers; use data to establish credit under false identity
- Online companies at higher risk than offline
- Hannaford hack
Spoofing: misrepresenting self by using fake e-mail address or other form of identification
Pharming: spoofing a Web site
- Redirecting a Web link to a new, fake Web site
Spam/junk Web sites
Denial of service (DoS) attack
- Hackers flood site with useless traffic to overwhelm network
Distributed denial of service (DDoS) attack
- Hackers use multiple computers to attack target network
Sniffing
- Eavesdropping program that monitors information traveling over a network
Insider jobs
- Single largest financial threat
Poorly designed server and client software
Tools Available to Achieve Site Security: