Preventing Top E-Commerce Threats During Pandemic-Driven Growth

The e-commerce company was facing two major types of phishing attacks, one against its customers and one against its employees. Attackers were registering new domains, impersonating the main domain, and sometimes registering 50 domains in a single day. 10% of these domains were observed to be used for social engineering attacks against employees to infect corporate networks or employees’ devices. The company has been providing continuous training and phishing simulations to prevent this. However, 90% of these domains were observed to target customers outside their perimeter to steal their credentials or sell illegal goods using the brand name. When attackers successfully perform the attack, the company’s costs include the reimbursement of stolen loyalty points, time to regain customers’ trust, and handling the customers’ complaints, which can often extend to social media.

Type: Case Study

Year: 2020