7 Common E-Commerce Web Attacks
The Financial Consequences of Malicious Hackers and Bots Are Significant
The shift away from brick and mortar stores to e-commerce has been seismic. As retailers are in near-constant flux, adjusting their businesses and processes to the ever-changing consumer, they must also adjust their business processes and utilize technology to thwart hackers and their tools as they continually look for system vulnerabilities to exploit.
The financial consequences of malicious hackers and bots cannot be overstated. Businesses, even huge retailers with solid infrastructure, have been crippled by little more than a guy and a laptop. How might these hackers target your business?
The 7 ways that bots are attacking retailers are:
- Account takeover
- Fake user creation
- Marketing fraud
- Content theft
- Checkout abuse
- Inflated traffic
Account takeover relies either on a brute force approach, trying many combinations of usernames and passwords on a popular login page, or on stolen login combinations. The bad news: the brute force method is astoundingly successful, in large part because many users choose passwords that are foolishly obvious.
This bot attack tried 5 million combinations per day, which suggests it broke into about 400,000 accounts daily. Once an account was taken over, the hacker had instant access to any stored credit card data and personal information of the real account owner.
Fake user creation may not sound nefarious, but it can be devastating. Minor consequences can include lost revenue when a fake account is used by a person to collect a discount code or to get another thirty days of free movie streaming. But hackers use this on an entirely different scale, amassing millions of fake users, effectively giving them control over a large army of registered (though fake) users on your website.
One danger is DDoS via hoarding. For example, a hacker with thousands of what look like legitimate users reserves all of the cars that a particular rental car company has in a given city, but never ultimately rents the vehicles, causing massive disruption, confusion and lost revenue.
Carding, or theft of gift card balances, is a significant problem. Attackers understand the number structure of gift cards and may try many millions of combinations to break into a gift card account and then steal the balance.
With 93% of Americans giving or receiving a gift card every year, there is plenty of rich, low-hanging fruit here for thieves. This erodes customer confidence in both the brand and the brand’s ability to secure personal information.
Marketing fraud poses a serious threat to e-commerce and media businesses. Ever since companies began paying for clicks and traffic, criminals have had a motive to generate bogus traffic, so they can charge for the clicks and traffic. Marketing fraud has existed since the late 1990s but has evolved significantly.
Content theft often takes the form of scraping. If you own a commerce site, your competitors want your pricing, your current inventory, and your SEO-optimized product descriptions. If you own a news outlet or media content site, hackers want to steal your proprietary and confidential content and post it on third-party sites as their own.
This content theft can put you at a competitive disadvantage and dilute the optimization and ranking of original content you paid to have created, thus wasting your marketing dollars and dulling your competitive edge.
Checkout abuse is what happens when you try to buy a high-demand product online, like the latest Air Jordan sneaker or Taylor Swift concert tickets. As you know, it’s nearly impossible. Within minutes, all of the inventory is gone. Bots are behind almost all of these near-instant purchases. The perpetrators hoard and then resell their inventory on the secondary market for huge profits.
They create a scarcity by hoarding products and then exploit the scarcity by scalping, making huge profits on your products, whether they’re sneakers on eBay or heavily marked up concert tickets on StubHub. This distortion of the efficient, natural marketplace causes a range of problems for both retailers and consumers. For the retailer, it damages consumer trust and business profitability over the long term.
Inflated traffic happens when bad bots visit your site and are designed to disrupt your business either for financial gain, competitive advantage or simply because they can.
Their methods are also becoming more and more complex and resistant to detection. It is estimated that over 50% of typical traffic on an e-commerce site is actually driven by bots. That volume illegitimate traffic means that most current e-commerce sites are hugely overbuilt. They don’t need the computing power they are currently using for legitimate traffic. Instead, they are accommodating a huge chunk of traffic that contributes zero to their bottom line. In fact, the retailer is paying to lay the pathways for hackers and bots to disrupt their business. This drives up the cost of doing business and the huge flow of traffic also makes it harder to find the bad actors.
Getting & Staying Ahead in the Bot Race
Vulnerability to bots is, and should be, a major concern for any company doing business online, especially retailers. Though the threat is real and the risks high, technology and innovation continue to keep pace. Basically, criminals build a better bot and then we build better defenses. It can be exhausting and costly to keep up with the ever-present threat of bots, DDoS attacks and more, but it must simply become a known part and cost of doing business online. E-commerce is a huge source or opportunity for revenue and as such, must be maximized and protected.
How TechSparq Can Help Identify Threats & Opportunities
Technology is changing the apparel industry at record speed. At TechSparq, we work exclusively within the retail industry to help companies just like yours identify threats and maximize opportunities. We understand the bot landscape, the possible implications on your e-commerce business, and your bottom line.
With our industry knowledge, deep technical skills and agile approach, we can evaluate your current systems and processes to determine what threats are looming, how to continually mitigate them and how your company could be using bots to reduce cost and increase customer satisfaction.
To find out more about how the TechSparq team can reduce risk and smooth your company’s path to the future, reach out.