More than 100 million messages contain attachments that, if opened, install software that takes over computers, security experts say.
(Page 4 of 4)
Retailers can also protect themselves by preparing for a denial-of-service attack. The goal of hackers launching such attacks is to overwhelm a web site with bad traffic, making it impossible for legitimate visitors to access the site, which essentially means the hackers are holding the site hostage. Once their objective is achieved, the criminals will demand a ransom before they stop the attack and allow the web site to resume normal functioning.
Lately, criminals have found a new objective for denial-of-service attacks, introducing malicious programs, onto the retailer's web server to skim customer account data. "Using denial-of-service attacks as a cover for a data security breach is a very real threat and retailers need to make sure their technology partners are able to not only respond quickly to the disruption caused by the denial of service, but are able to detect any potential security breach that goes along with it," UniteU Technologies' Das says.
More often than not, retailers opt to combat the threat of a distributed denial-of-service attack (DDoS) by completely shutting down their sites until they can fix the problem. While effective, it is a short-term solution to a problem that can potentially last for days or weeks, thus alienating repeat customers and new visitors who cannot access the site. And unscheduled downtime can drive customers to a competitor's site and erode their loyalty.
"Staying operational during a DDoS attack is something retailers need to plan for, because a complete shutdown in the event of an attack can harm their business," Neustar's Young says.
Neustar has developed a web site traffic filtering service that separates bad traffic resulting from a DDoS attack from good traffic so retailers can keep their sites operational and customers happy.
Because fraud is always evolving, retailers always have to be looking out for potential threats. In the near-term, the introduction of EMV cards to the United States is likely one big danger because criminals stopped at the physical point of sale by EMV's anti-fraud technology will likely move online.
"In every market around the world where EMV has been introduced online fraud has risen dramatically while in-store fraud has dropped just as dramatically," Wooten says. "Retailers need to be prepared." That's because there are two kinds of e-retailers, he says. "Those that have been hit by fraud and will be targeted again, and those that haven't been hit yet but will be."