Response: Security Threat (Earl)
| Security Threat | Identify at Least Six Security Threats and Define with an Example | Dimension of e-Commerce Security and Why | Tool Prevention for Previous and/or Future Threats |
|---|---|---|---|
| Phishing | Any form of deception (social engineering) used to gain personal or confidential information for financial gain. Example: the Nigerian Ambassador or Prince scam requesting money in exchange for a larger sum in return. | Authenticity - the attacker claims to be someone else. | DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a method of authenticating the origin of an e-mail; it allows receivers to quarantine, report, or reject messages that fail its test. |
| Denial of Service (DoS) | Hackers flood a website with unwanted internet traffic that overwhelms the site's web servers, preventing normal traffic from reaching its intended destination. (Varghese, 2022) | Availability - prevents the site from functioning properly. | Use a SaaS application to provide protection against DoS/DDoS attacks. |
| Credential Stuffing/Brute Force | Fraudulent programs or bots used to crack your password by trying thousands of combinations until they successfully decipher your code. | Confidentiality - breach of data. | Use strong, complex passwords that are not easily guessed, and change them frequently. Restrict user access and define user roles. |
| e-Skimming | Infects a website's checkout page with malicious software to steal clients' personal and payment details. Similar to a credit card skimming device used at a gas station. | Integrity - information is altered by an unauthorized third party. Privacy - personal and financial information is used by an unauthorized person. | Use third-party payment sites such as PayPal to handle transactions away from the site. |
| Cross-Site Scripting | Malicious script injected into an e-commerce site and used to access customers' cookies and computers. Can be used to phish for credentials or deface a website. (Varghese, 2022) | Authentication and privacy - a client's information is compromised. | Intrusion Detection/Prevention System. |
| Ransomware | A type of malware (often a worm) that locks your computer or files to stop you from accessing them. Ransomware will often display a notice saying that an authority such as the FBI, Department of Justice, or IRS has detected illegal activity on your computer and demands that you pay a fine in order to unlock the computer and avoid prosecution. (Laudon & Traver, 2021) | Confidentiality - information is used by unauthorized individuals. | Educate employees to be the first line of defense, restrict user accounts from adding software without permission, update all business devices, and employ backup/recovery systems. Deploy a firewall and anti-malware/antivirus software. |
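As an added example (not part of the original response), the following Python evaluates a DMARC record the way a receiving mail server would: it parses the published TXT record, checks SPF/DKIM identifier alignment against the From: domain, and returns the disposition (none, quarantine, or reject) that the table's DMARC entry refers to. The record, the authentication results and the domains are constructed, and the relaxed-alignment check is a simplification that does not consult the Public Suffix List.

```python
"""Added example: evaluate a DMARC policy for one inbound message.

Assumptions (not from the original response): the record text, the
authentication results and the From: domains are constructed, and the
relaxed-alignment check is simplified (it does not use the Public Suffix
List, so it treats any parent/child domain pair as aligned).
"""


def parse_dmarc_record(txt: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a tag dictionary."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record is not a DMARC1 record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("record lacks a valid p= policy")
    tags.setdefault("adkim", "r")   # DKIM alignment mode, relaxed by default
    tags.setdefault("aspf", "r")    # SPF alignment mode, relaxed by default
    return tags


def is_aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match; relaxed ('r')
    accepts a parent/child relationship (simplified organizational-domain test)."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if not a or not f:
        return False
    if mode == "s":
        return a == f
    return a == f or a.endswith("." + f) or f.endswith("." + a)


def dmarc_disposition(record: str, from_domain: str,
                      spf_result: str, spf_domain: str,
                      dkim_result: str, dkim_domain: str) -> tuple:
    """Return (dmarc_result, disposition) for one message.

    DMARC passes when SPF passed with an aligned envelope domain OR DKIM
    passed with an aligned d= domain. Otherwise the published p= policy
    tells the receiver what to do with the message."""
    tags = parse_dmarc_record(record)
    spf_ok = spf_result == "pass" and is_aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_result == "pass" and is_aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])


# Constructed record and messages for the demonstration.
EXAMPLE_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def evaluate_samples() -> list:
    """Three constructed messages: (from_domain, spf_result, spf_domain,
    dkim_result, dkim_domain)."""
    samples = [
        # legitimate mail relayed by a subdomain: SPF passes, relaxed alignment OK
        ("example.com", "pass", "mail.example.com", "none", ""),
        # forged From: header; SPF passes only for the sender's unrelated domain
        ("example.com", "pass", "attacker.example", "none", ""),
        # DKIM signed by a subdomain, but adkim=s demands an exact match
        ("example.com", "fail", "", "pass", "mail.example.com"),
    ]
    return [dmarc_disposition(EXAMPLE_RECORD, *s) for s in samples]


if __name__ == "__main__":
    for label, result in zip(("relayed", "forged", "strict-dkim"), evaluate_samples()):
        print(f"{label:12s} -> {result}")
```

The third sample is the one to watch in practice: a correctly signed message from a subdomain is rejected purely because the record sets `adkim=s`, so a receiver's report stream (the `rua=` address) is how the domain owner notices that their own mail is failing before moving from `p=none` to `p=reject`.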
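As an added example for the Credential Stuffing/Brute Force row (not from the original response), here is a small detector that runs over constructed login log lines and separates the two patterns the row lumps together: one source hammering a single account (brute force) versus one source cycling through many accounts (credential stuffing), plus a successful login from a source already flagged. The log format, the sample lines (which use RFC 5737 documentation addresses) and the thresholds are assumptions made for the example.

```python
"""Added example: flag brute-force and credential-stuffing patterns in login logs.

Assumptions (not from the original response): the log line format, the
sample lines (RFC 5737 documentation addresses) and the thresholds are all
constructed for the demonstration.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_line(line: str):
    """Return an event dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event


def detect(lines, window=timedelta(minutes=5), fail_threshold=5, distinct_users=3):
    """Walk events in time order with a sliding window of failures per source IP.

    brute_force:            one IP fails >= fail_threshold times on one account
    credential_stuffing:    one IP fails on >= distinct_users different accounts
    success_after_stuffing: an IP already flagged for stuffing then logs in OK
    """
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e["ts"])
    fails_by_ip = defaultdict(deque)   # ip -> deque of (ts, user) failures in window
    flagged = set()
    alerts = set()
    for e in events:
        q = fails_by_ip[e["ip"]]
        while q and e["ts"] - q[0][0] > window:   # expire old failures
            q.popleft()
        if e["result"] == "FAIL":
            q.append((e["ts"], e["user"]))
            if len({u for _, u in q}) >= distinct_users:
                alerts.add(("credential_stuffing", e["ip"]))
                flagged.add(e["ip"])
            if sum(1 for _, u in q if u == e["user"]) >= fail_threshold:
                alerts.add(("brute_force", e["ip"], e["user"]))
        elif e["ip"] in flagged:
            # a success from a source that was spraying accounts is the signal
            # that one of the tried credential pairs actually worked
            alerts.add(("success_after_stuffing", e["ip"], e["user"]))
    return sorted(alerts)


# Constructed sample log: one brute-force source, one stuffing source that
# eventually succeeds, and one legitimate user who mistyped once.
SAMPLE_LOG = """\
2022-06-01T10:00:01Z ip=198.51.100.7 user=alice result=FAIL
2022-06-01T10:00:02Z ip=198.51.100.7 user=alice result=FAIL
2022-06-01T10:00:03Z ip=198.51.100.7 user=alice result=FAIL
2022-06-01T10:00:04Z ip=198.51.100.7 user=alice result=FAIL
2022-06-01T10:00:05Z ip=198.51.100.7 user=alice result=FAIL
2022-06-01T10:00:10Z ip=203.0.113.5 user=bob result=FAIL
2022-06-01T10:00:11Z ip=203.0.113.5 user=carol result=FAIL
2022-06-01T10:00:12Z ip=203.0.113.5 user=dave result=FAIL
2022-06-01T10:00:13Z ip=203.0.113.5 user=erin result=OK
2022-06-01T10:00:20Z ip=192.0.2.10 user=frank result=FAIL
2022-06-01T10:00:25Z ip=192.0.2.10 user=frank result=OK
this line is not a login record and is skipped
"""


def run_sample() -> list:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The point of keeping the two counters separate is that the "strong, complex passwords" advice in the table only helps against the brute-force pattern; stuffing reuses credentials leaked elsewhere, so the per-IP distinct-account count (and rate limiting or step-up authentication triggered by it) is the control that actually addresses it.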
References:
Laudon, K. C., & Traver, C. G. (2021). e-Commerce 2021: Business, technology, and society (16th ed.). Pearson.
Varghese, J. (2020, March 9). 10 e-commerce security threats that are getting stronger by the day! Astra Security Blog. Retrieved June 1, 2022, from https://www.getastra.com/blog/knowledge-base/ecommerce-security-threats/