| Security Threat | Identify at Least Six Security Threats and Define with an Example | Dimension of e-Commerce Security and Why | Tool Prevention for Previous and/or Future Threats |
|---|---|---|---|
| Phishing | Any form of deception (social engineering) used to gain personal or confidential information for financial gain. Example: the Nigerian Ambassador or Prince scam, which requests money in exchange for a larger sum in return. | Authenticity – claiming to be someone else. | DMARC (Domain-based Message Authentication, Reporting, and Conformance), a method of authenticating the origin of an e-mail that allows receivers to quarantine, report, or reject messages that fail its test. |
| Denial of Service (DoS) | Hackers flood a website with unwanted internet traffic that overwhelms the site's web servers, preventing normal traffic from reaching its intended destination. (Varghese, 2022) | Availability – preventing the site from functioning properly. | Use a SaaS application to provide protection against DoS/DDoS attacks. |
| Credential Stuffing/Brute Force | Fraudulent programs or bots used to crack your password by trying thousands of combinations until they successfully decipher your code. | Confidentiality – breach of data. | Use strong, complex passwords that are not easily guessed and change your passwords frequently. Restrict user access and define user roles. |
| e-Skimming | Infects a website's checkout page with malicious software to steal clients' personal and payment details. Similar to a credit card skimming device used at a gas station. | Integrity – altering the information via an unauthorized third party. Privacy – personal and financial information used by an unauthorized person. | Use third-party payment sites such as PayPal to handle transactions away from the site. |
| Cross-Site Scripting | Malicious code injected into an e-commerce site and used to access customers' cookies and computers. Can be used to phish for credentials or deface a website. (Varghese, 2022) | Authentication and privacy – compromising a client's information. | Intrusion Detection/Prevention System. |
| Ransomware | A type of malware (often a worm) that locks your computer or files to stop you from accessing them. Ransomware will often display a notice that says an authority such as the FBI, Department of Justice, or IRS has detected illegal activity on your computer and demands that you pay a fine in order to unlock the computer and avoid prosecution. (Laudon & Traver, 2021) | Confidentiality – information is being used by unauthorized individuals. | Educate employees to be the first line of defense, restrict user accounts from adding software without permission, update all business devices, and employ backup/recovery systems. Deploy a firewall and anti-malware/antivirus software. |
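To make the DMARC row concrete, the following is an added example (not part of the original table or any vendor's code) of how a receiving mail server evaluates a domain's DMARC policy: it parses the TXT record, checks whether a passing SPF or DKIM result is aligned with the From domain under the record's relaxed/strict modes, and returns the disposition (pass, none, quarantine, or reject). The domains and records are constructed for the example; the organizational-domain rule is simplified to the last two labels instead of a public-suffix lookup.

```python
# Constructed sample DMARC TXT records, as a receiver would fetch from
# _dmarc.<domain>. Both domains and records are made up for this example.
SAMPLE_RECORDS = {
    "shop.example": "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                    "rua=mailto:dmarc@shop.example",
    "legacy.example": "v=DMARC1; p=none; rua=mailto:reports@legacy.example",
}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into {tag: value}; return None if it is not a valid record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags


def org_domain(domain):
    """Simplified organizational domain: last two labels (no public-suffix list lookup)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Is the domain that passed SPF/DKIM aligned with the RFC5322.From domain?"""
    if not auth_domain:
        return False  # that mechanism did not pass at all
    if mode == "s":  # strict: exact match required
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)  # relaxed


def dmarc_disposition(from_domain, record, spf_pass_domain, dkim_pass_domain):
    """Return 'pass', 'no-policy', or the policy action for a message that fails DMARC."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"  # receiver falls back to its own local policy
    spf_ok = aligned(spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = aligned(dkim_pass_domain, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"  # one aligned, passing mechanism is enough
    policy = tags["p"]
    # Subdomain policy applies when the From domain is below the organizational domain.
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        policy = tags["sp"]
    return policy
```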
References:
Laudon, K. C., & Traver, C. G. (2021). e-Commerce 2021: Business, technology, and society (16th ed.). Pearson.
Varghese, J. (2020, March 9). 10 e-commerce security threats that are getting stronger by the day! Astra Security Blog. Retrieved June 1, 2022, from https://www.getastra.com/blog/knowledge-base/ecommerce-security-threats/