Online shopping

Cybersecurity in the era of regular online shopping

In today’s world, there has been an explosive growth in online shopping. Prior to the lockdown, there were options for in-store shopping and window shopping. Due to COVID 19, online shopping has grown tremendously. This has accelerated the shift towards online shopping and triggered changes in the consumers’ behaviour that are likely to have longlasting effects. It has become a Go-To option as people don’t only use it to buy clothes but also use it for their daily necessities.

Even the people who are not aware of online shopping have learned it and adapted this new change. Since online shopping has increased drastically, there has been an increase in online transactions too. Thus, the possibility of the transactions being intercepted and used for fraudulent purposes has also taken a pace that further paves the way to a rise in cyberattacks. There are different types of cyber-crimes and techniques that the attacker uses to hijack the users’ information.

Black hat technique is one such technique used for a specific target audience who frequently shop online. The attacker usually tends to manipulate the user via a link where their credentials can be stored through which a Phishing link is generated. For example, if you are a frequent online shopper at Amazon, you will get a phishing email or text message that gives you exciting offers further luring the consumers to shop. When the user clicks on the link, it looks similar to that of the Amazon website, but it won’t be the actual website.

If you carefully notice it, there will be a slight change in the spelling mistake, alphabetic characters or the digit on the site that is actually misleading. After adding the required items to your cart, you will be asked to enter your details, but you won’t be able to shop further. By that time, your data and credentials will be captured in the backend and sent to the attackers. The same account will then be sold by the attacks on dark web or buy/sell anything from the account using the Amazon pay wallet. The attacker will also have access to the order history of the user and his privacy will further be stolen by them. There are some attacks wherein a fraudulent website is created and duplicate items are sold. For example, one can purchase a phone from phishing sites at a very cheap rate.

For example, a mobile phone will be available at as less as $15. Additionally, some sites are built to capture the user’s financial details that will give a step by step approach to complete the order. It may look like your order is shipped but instead; your financial details are captured by the attackers. There are various malicious attacks wherein the link itself is malicious, especially when you click and enter it. The malicious script will then run in the background and download a 3rd party application that you may not be aware of, further taking control of your computer.

This may result in virus infection, malware infection and ransomware infection which ultimately results in cyber extortion that may vary as per the motive of the attacker. There is also ransomware wherein the user randomly clicks on the link that automatically gets downloaded, but only starts functioning when the computer is restarted. In some cases, it takes 10 days or so wherein the attackers observes, analyses the behaviour and gathers information about the important data. A user is recommended to install a paid total security solution that works as an anti-spying or anti-hacking tool and detects malicious websites instantly.

Whenever you are browsing, make sure you use browsing protection too. You can use Anti-phishing solutions to check whether the link is a phishing link or not. Because there are two different types of links i.e. fraudulent link and phishing link. Phishing links will steal your credentials while fraudulent links will collect more and more information and provide you with fake information and will continue doing so until needed. Anti-phishing solutions also detect malware and malicious files that are coming through malicious websites.

One should also set up a 2- step authentication and always change the password every 15 days or on regular basis. The password strength should be strong instead of just alphanumeric and special characters. Whenever you are operating an unknown computer system or going to a cyber café, you are recommended to use a virtual keyboard. If there are malwares like keyloggers installed in the system, all the data can be captured and sent to the attackers. Hence, it is always safe to use virtual keyboards on unknown devices and use key encrypted solutions.

Never believe or click on fake and fraudulent offer links that come on the email id. You should always check whether the email is from known sources or not because sometimes the links are genuine but the email received will be from a different domain/Email ID. Nowadays, E-wallet apps have also launched their own e-commerce websites. For instance, Paytm also has an E-commerce website – Paytm mall. If your e-commerce website is compromised, your e-wallet app can be also compromised which further leads to your bank account details being hacked by the attacker.

When you Google the nearest food outlets, there will be a few famous outlets that will come on the top. The attacker will then use the SEO technique and bring the outlet’s unofficial link on the top. As a user, you will click on the link and then the website will ask you to pay a certain amount to book a table. If you authorize the transaction, they can steal and withdraw a higher amount too. You will be under the assumption that you have booked the table from the official site but in reality, you are manipulated by a fake website. There were no COVID 19 vaccines launched but there were fake vaccines sold on the dark web. The dark web is another part of the internet wherein people try to sell the vaccines through various untraceable links and the users tries to purchase them online but fails later. So, beware of such sites and before purchasing anything from the site. You should first ensure if it’s a genuine website or not by confirming the domain details and its reviews.

By Nikhil Mahadeshwar, Co-founder and CTO, Skynet Softtech Pvt. Ltd. 

Leave a Reply

Your email address will not be published. Required fields are marked *