Electronic commerce in Latin America should move more than 169 million dollars in 2022, according to ABComm, an increase of 12% compared to last year. The growth of sales in the digital environment also attracts the attention of cybercriminals, who refine their practices against merchants and consumers to steal and hijack data, take down online stores or run fraudulent promotions through fake emails, messages and websites. These often install malware that steals cryptocurrencies, performs unauthorized mining and even swaps the destination address when the user tries to transfer a cryptocurrency.
In addition to harming the consumer, an attacked or cloned virtual store can bring financial and reputational damage to the brand. Given the possibility of scams, Cointelegraph en Español spoke with the specialist Eduardo Gonçales, CISO of TIVIT, who listed some precautions for merchants and consumers to take advantage of online purchases without headaches.
6 tips and warnings for merchants
Guarantee availability: Site stability is critical so that the operation works fully even in periods of increased traffic, thus preventing the store from losing sales due to technical problems. In addition to investing in technological infrastructure and security solutions, it is essential to protect yourself against so-called distributed denial-of-service (DDoS) attacks, which aim to direct a much higher volume of simultaneous accesses than normal to a certain address until it becomes congested and unavailable.
Explore the web: Build threat intelligence or brand monitoring routines into your processes to look for mentions of the company and its executives in forums across different layers of the internet, including the dark web and deep web, where all sorts of attacks are ordered and designed. With this type of scan, it is possible to detect plans to redirect your website traffic to fake internet pages or social networks, thus avoiding improper or fraudulent sales of products with your brand.
Educate employees to protect their data: Market research shows that the main gateways for malware used in phishing and ransomware attacks, which encrypt data and demand a ransom, are the employees themselves. Most of the time, due to lack of knowledge, there is carelessness in dealing with suspicious emails, connecting USB devices, accessing compromised websites, or using software with vulnerabilities. With remote work, the use of personal devices connected to the corporate network has also increased. In addition to technology and processes, raising awareness among people is one of the fundamental pillars to guarantee data security and avoid downtime during operations.
Back up your data and validate its integrity: To minimize the risks of service interruption and ensure that data is recovered quickly and easily, it is very important to have a consistent backup system, regularly tested to validate its content and integrity, as many attacks start by compromising the backup and then affect the production environment. In addition, it is essential to have documentation with the catalog of all the servers and to establish the order of data recovery in the event of a possible disaster, reducing data recovery time.
Validate your code repositories: A new mass infection campaign on e-commerce stores is underway under the name of Hubberstore. The attack is carried out with malicious JavaScript code, used to extract personal data and credit card details.
The recommendations in this case are the following:
- Keep systems up to date, including operating systems, services, and frameworks used on websites.
- Periodically review the code in your repository and production environment, looking to identify possible injections of malicious artifacts.
- Follow the best practices of secure development; a good reference is OWASP.
- Analyze logs and audit trails, preferably using a log correlation system (SIEM), to identify attempts to exploit vulnerabilities.
- Deploy a multi-factor authentication (MFA) solution at key entry points and in your key code development environments, such as repositories and CI/CD (continuous integration and continuous delivery) solutions.
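One way to carry out the periodic repository-versus-production review recommended above (an added example, not from the article or from TIVIT): hash every file in a reviewed checkout and in the deployed tree, then report what differs. The directory layout, file names and function names are assumptions, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def compare_trees(repo_root: Path, prod_root: Path) -> dict[str, list[str]]:
    """Report files that differ between the reviewed repo and production."""
    repo = sha256_manifest(repo_root)
    prod = sha256_manifest(prod_root)
    return {
        # Present in both trees but with different content (possible injection).
        "modified": sorted(f for f in repo.keys() & prod.keys() if repo[f] != prod[f]),
        # Present only in production (file dropped outside the release process).
        "unexpected": sorted(prod.keys() - repo.keys()),
        # Present only in the repo (deleted or never deployed).
        "missing": sorted(repo.keys() - prod.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, prod = Path(tmp, "repo"), Path(tmp, "prod")
        for root in (repo, prod):
            (root / "js").mkdir(parents=True)
            (root / "js" / "checkout.js").write_text("submitOrder(form);\n")
            (root / "index.html").write_text("<html></html>\n")
        # Constructed tampering: one script altered, one file added in production.
        with (prod / "js" / "checkout.js").open("a") as fh:
            fh.write("/* constructed: appended line not in the repo */\n")
        (prod / "js" / "stats.js").write_text("/* constructed: unknown file */\n")
        (repo / "robots.txt").write_text("User-agent: *\n")
        return compare_trees(repo, prod)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Any entry under "modified" or "unexpected" for a script served on checkout pages is a candidate for manual review against the last approved release.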
Control and limit access to information: Ensure that users have the least privilege and restrict access to the people who really need it, with periodic review and recertification. Implementing network segmentation minimizes the risk of an attack spreading quickly and without control, avoiding major impacts and economic losses. Finally, use a password vault solution to increase security in privileged access.
5 tips and precautions for consumers
Find real stores and deals: Beware of unrealistic promotions from shady websites and emails that promise prices well below market prices. See if the site has all the certificates and the security padlock, displayed in the browser bar, as well as the supplier's seals at the bottom of the page. It is mandatory for the company to provide registration information, such as CNPJ, company name and registered office. Also look on sites like Posso Confiar, Claim Here and Procon to find out if the store is trustworthy.
Pay attention to the links: Do not click on links that arrive via email or messaging applications before verifying the suitability of the store. Some criminals make subtle changes to the address (URL) that go unnoticed by victims. If in doubt, enter the store address in the browser and search for the product directly.
Prefer a virtual credit card: The credit card, especially the virtual one, is presented as the fastest and safest way to confirm the purchase, offering the possibility of refunding the amount in case of fraud or non-receipt of the product due to lack of stock. PIX quickly won consumers' favor, but has been used for many scams. Therefore, you have to be very careful, especially because of the difficulty of recovering the money in case of fraud. Payment by bank slip presents an even greater risk because there is a virus that changes the barcode of the document, diverting the payment to the criminals' account.
Keep your operating system and browser up to date: The manufacturers themselves correct some security flaws with new versions of the operating systems. Therefore, before going shopping, keep your computer and mobile device systems updated, as well as security tools, such as antivirus and firewalls, to avoid possible malware infections while browsing.
Know your rights: In general, for online purchases you have the right to change your mind and return the product, under terms that vary by country.
Disclaimer: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.