SOCRadar® Cyber Intelligence Inc. | Phishing: A Growing Threat to E-commerce


Nov 24, 2021

Phishing: A Growing Threat to E-commerce

Phishing is a tactic that targets victims primarily through emails and SMS. The messages appear to come from a legitimate source, but their main objective is to steal victims' personal information or login credentials through impersonation.

The harm caused by cyberattack methods such as phishing is becoming more and more important for companies. The E-Commerce Landscape Report prepared by SOCRadar analysts shows the importance of this issue once again. Besides the report, this article also touches on other cyber-attack methods that affect the industry.


SOCRadar Detected Almost 10,000 Phishing Domains

SOCRadar detected almost ten thousand phishing domains impersonating retail e-commerce sites like registered in 2021. Threat actors use phishing domains to lure customers and employees, steal their credentials, and access company systems.

Reported phishing domains

While threat actors prefer free registrars to register these phishing domains, they might also obtain an SSL/TLS certificate to convince victims of the website's legitimacy.

Seeing the HTTPS at the beginning of the URL with a nice padlock sign next to it gives a false sense of security to the users. SOCRadar discovered that 56% of the phishing domains impersonating e-commerce sites have a valid SSL certificate.
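Since a valid certificate says nothing about who operates a site, triage of suspicious domains has to work from the name itself. The Python below is an added example, not code from the SOCRadar report; the brand label `examplestore`, the owned-domain list, the thresholds and the sample domains (on reserved TLDs) are constructed assumptions.

```python
import re

BRAND = "examplestore"                    # assumption: brand label being protected
OWNED = {"examplestore.example"}          # assumption: domains the brand really owns
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps

def edit_distance(a, b):
    """Levenshtein distance, keeping only the previous row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return 'owned', 'lookalike' or 'unrelated' from the name alone."""
    domain = domain.lower().rstrip(".")
    if any(domain == d or domain.endswith("." + d) for d in OWNED):
        return "owned"
    for label in domain.split(".")[:-1]:              # every label except the TLD
        if BRAND in label.replace("-", "").translate(SWAPS):
            return "lookalike"                        # brand embedded in a label
        for token in re.split(r"[-_]", label):
            token = token.translate(SWAPS)
            if abs(len(token) - len(BRAND)) <= 2 and edit_distance(token, BRAND) <= 2:
                return "lookalike"                    # near-miss spelling
    return "unrelated"

def triage(observations):
    """Take (domain, has_valid_cert) pairs; the cert flag never clears a domain."""
    hits = [(d, cert) for d, cert in observations if classify(d) == "lookalike"]
    with_cert = sum(1 for _, cert in hits if cert)
    return hits, with_cert

# Constructed sample of newly observed domains (reserved TLDs, not real sites).
SAMPLE = [
    ("www.examplestore.example", True),
    ("examp1estore-login.test", True),
    ("exampelstore.test", True),
    ("examplestore.example.secure-pay.test", False),
    ("gardentools.test", True),
]

if __name__ == "__main__":
    hits, with_cert = triage(SAMPLE)
    print(hits, f"{with_cert}/{len(hits)} lookalikes present a valid certificate")
```

The certificate flag is carried through to the analyst but plays no part in the verdict, which is the point of the 56% figure above.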

Phishing Still Among The Biggest Cyber Threats

In 2021, phishing is still one of the dominant attack vectors in cybercrime. According to PhishLabs reports, phishing attacks increased more than 30% over 2020, and there were twice as many attacks compared to the previous year as of September 2021.

More Elderly People Are Targeted With Phishing Methods

People over 65 were the fastest-growing segment of e-commerce shoppers in the first quarter of 2021. This segment lacks experience with phishing sites, making them an easy target for phishing attacks.

Digital-skimming, Credential Stuffing and Frauds: What Are Other Cyber Threats?

  • E-skimming or Digital-skimming

This attack refers to malicious code infecting the checkout pages of e-commerce websites. The code is difficult to detect, and it "sniffs" the credit card data. Once a checkout page or a website is infected, the credit card information from every transaction will be "skimmed" without the knowledge of either trading party.

The common term for these kinds of threats and attacks is Magecart. Magecart is an umbrella term used to describe the hackers or groups of hackers responsible for carrying out these attacks.

Magecart refers both to the attacks exploiting Magento 1.x and to the hacker group(s) using this method. After Covid-19 started, e-skimming attacks rose 26 percent in 2020.

These kinds of attacks became famous through high-value targets like British Airways and Tupperware. Even so, many small shop websites are managed by their owners, who are, most of the time, not aware of best practices in cyber security. Because of this, many small shops lack software patches and updates.

Posts in October so far have set another bar, with more than 14 million credit card records offered for sale on the black markets. Half of them are from a single list posted on October 12.

One of the ways that actors "cash out" stolen credit card and account info is to buy and sell less traceable gift cards. However, sometimes threat actors can steal the gift cards for the algorithm creating the gift cards.

  • Credential Stuffing
    Credential stuffing is a technique in which attackers try lists of compromised user credentials from previous data leaks to access another system. This attack assumes that many users recycle their usernames and passwords for different services.

    Automated bots will try all the credentials on multiple sites, creating another list of successful logins. Statistics show that this attack has a success rate of around 0.1%.

    SOCRadar has recorded 6.44 million leaked account records on the dark web so far in 2021 in the e-commerce industry alone. SOCRadar strictly monitors the black market where credit card and account information is sold in bulk.

    Radware reports 52% lower in-store traffic in Cyber Week, the five biggest shopping days of the year from Thanksgiving to Cyber Monday, compared to the same period in 2019. However, the amount spent on online shopping increased by more than 20%. During this period, shoppers spent $34.4 billion, breaking the all-time high record.

    E-commerce records were broken as shoppers spent $34.4 billion over the period, a dramatic 20.7% jump over the previous year. However, there was a thousand-fold increase in bad bot traffic to some e-commerce websites, especially on log-in pages.

    More sophisticated bots simultaneously attempt several logins and appear to originate from different IP addresses. These bots can often circumvent simple security measures like banning IP addresses with too many failed logins.
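The gap described above can be shown on login logs: a per-IP failure counter bans a customer who mistyped a password, while distributed bot traffic stays under the limit and only shows up when failures are aggregated across all addresses. This Python is an added example, not code from the report; the thresholds, field layout and log events are constructed assumptions, with IP addresses taken from documentation ranges.

```python
from collections import Counter, defaultdict

PER_IP_LIMIT = 5       # assumption: failures from one IP before it is banned
WINDOW = 60            # seconds per aggregation window
MIN_USERNAMES = 50     # assumption: distinct failing usernames per window that is abnormal
MIN_FAIL_RATIO = 0.9   # assumption: share of failed attempts that is abnormal

def build_events():
    """Constructed sample log: (timestamp, ip, username, success)."""
    # One customer mistyping a password six times from a single address.
    events = [(t, "198.51.100.7", "alice", False) for t in range(6)]
    # Ordinary successful logins in the same minute.
    events += [(10 + i, f"192.0.2.{i + 1}", f"shopper{i}", True) for i in range(10)]
    # Bot traffic: 40 addresses, 3 attempts each, a different username every time.
    for n in range(120):
        events.append((60 + n // 2, f"203.0.113.{n % 40 + 1}", f"leaked{n}", n == 77))
    return events

def per_ip_bans(events):
    """The simple control: ban any IP with too many failures in the sample."""
    failures = Counter(ip for _, ip, _, ok in events if not ok)
    return {ip for ip, count in failures.items() if count >= PER_IP_LIMIT}

def stuffing_windows(events):
    """Flag windows where many distinct usernames fail, regardless of source IP."""
    windows = defaultdict(list)
    for ts, ip, user, ok in events:
        windows[ts // WINDOW].append((ip, user, ok))
    flagged = []
    for window, rows in sorted(windows.items()):
        failed = [(ip, user) for ip, user, ok in rows if not ok]
        users = {user for _, user in failed}
        ips = {ip for ip, _ in failed}
        if len(users) >= MIN_USERNAMES and len(failed) / len(rows) >= MIN_FAIL_RATIO:
            flagged.append((window, len(users), len(ips)))
    return flagged

if __name__ == "__main__":
    events = build_events()
    print("banned by per-IP rule:", per_ip_bans(events))
    print("windows flagged (window, failing usernames, source IPs):", stuffing_windows(events))
```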

  • Frauds
    A study from Juniper Research states that the value of losses due to eCommerce fraud will rise 18% this year, from $17.5 billion in 2020 to over $20 billion by 2021. A successful cyber attack could have a massive impact on the company because of the direct losses from business disruption and repair, lost future business due to reputational damage, and penalties under regulations like GDPR.

    Credit card fraud involves stolen payment card information (PCI). It could be a neighbor kid trying to buy the latest game using a stolen PCI found in a forum or a complicated code running thousands of stolen PCIs from the dark web to purchase batches of goods using bots to sell on the black market.

    Another form of fraud is account takeover. Attackers illegally obtain personal and confidential data such as passwords and take control of victims' online accounts and digital assets. The malicious actor then uses that control to commit illegal acts like placing bulk orders to make sellers' inventory unavailable. Account takeover has increased since the recent data breaches.

    However, the most basic form of fraud, called refund fraud, does not involve hacking. Refund fraud, a form of social engineering, consists of obtaining a refund under false pretenses. For example, a consumer could try to return a used item or claim that the shipped package never arrived.

    Most of the time, the indirect and follow-on costs of fraud hurt merchants more than the direct costs. Fraud increases the workload of customer support teams, leading to customer dissatisfaction.
