As 2020 comes to an end, businesses are scrambling to make up for the strains the pandemic has put on everyone. It's not going to be a normal holiday shopping season, with people crowded into stores and malls. The emphasis on online sales will break all records. Black Friday and Cyber Monday will merge as people look for gifts and bargains without leaving home.
Retailers aren't the only ones planning to cash in on the season. Criminals are hoping they'll get lots of presents from people who don't realize they're giving them: presents like personal financial information and payments for scam offerings. If you're an online merchant, you need to be extra careful this time of year and keep your website well protected against malware and breaches.
Attacks such as Magecart have hit major e-commerce sites, including Newegg, Ticketmaster, and British Airways. They grab credit card information as people make purchases, yet there's no indication anything is wrong. You need the kind of top-quality protection that Quttera's ThreatSign offers to keep your site safe from malware and data theft.
It isn't just mail-order sales that are vulnerable. Buying online with pickup in the store has become popular, and it's subject to the same risks. The bad news for merchants is that if a customer picks up merchandise without presenting a card, the credit card company won't take any responsibility.
ThreatSign Website Security will give your website protection against malware and data breaches. It includes scanning, a Web Application Firewall, malware cleanup, and removal from blacklists.
Types of Risks
Online thieves have an assortment of tricks for deceiving people. These are some of the most common:
- Redirection. An infected site can redirect some visitors to a lookalike, fraudulent website. Customers, thinking they're on a legitimate merchant's site, will give their passwords and credit card information.
- Skimming. With this trick, customers make purchases normally, but the malware picks up a copy of the credit card information and sends it to the criminals' server for later use or resale.
- Phishing pages. Malware can alter or replace the content of your pages, adding phishing content that will lead visitors to a dangerous site. Usually, these alterations appear only for some users, to reduce the odds of being noticed. A common trick is to display the phishing content just to visitors who click on search engine results.
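A check for the redirection and search-referral tricks described above, as an added example that is not from Quttera or ThreatSign: it compares two responses for the same URL, one fetched directly and one fetched with a search-engine Referer, and reports redirects or third-party hosts that appear only in the referred view. The host `shop.example`, the response dictionaries, and all function names are constructed for illustration; fetching the two views is left to the caller.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _Collector(HTMLParser):
    """Collects hosts a page loads scripts or frames from, or posts forms to."""
    ATTRS = {"script": "src", "iframe": "src", "form": "action"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if wanted and name == wanted and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def _is_own(host, own_host):
    """True for the site's own host and its subdomains."""
    return host == own_host or host.endswith("." + own_host)

def external_hosts(html, own_host):
    """Third-party hosts referenced by script, iframe and form tags."""
    collector = _Collector()
    collector.feed(html)
    return {h for h in collector.hosts if not _is_own(h, own_host)}

def compare_views(direct, referred, own_host):
    """Return findings that appear only in the search-referred view."""
    findings = []
    if referred["status"] // 100 == 3 and direct["status"] // 100 != 3:
        target = urlparse(referred.get("location") or "").hostname
        if target and not _is_own(target, own_host):
            findings.append(("redirect", target))
    added = external_hosts(referred["body"], own_host) - external_hosts(direct["body"], own_host)
    findings += [("new_host", h) for h in sorted(added)]
    return findings

# Constructed sample responses for one URL on the hypothetical site shop.example.
DIRECT = {"status": 200, "location": None,
          "body": '<script src="/js/app.js"></script><form action="/checkout"></form>'}
REFERRED = {"status": 200, "location": None,
            "body": DIRECT["body"] + '<script src="//stats.injected.example/c.js"></script>'}
REDIRECTED = {"status": 302, "location": "https://shop-example.lookalike.example/", "body": ""}

if __name__ == "__main__":
    print(compare_views(DIRECT, REFERRED, "shop.example"))
    print(compare_views(DIRECT, REDIRECTED, "shop.example"))
```

An empty result means the two views reference the same third-party hosts; it does not rule out a skimmer that is served to every visitor.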
Whether or not malware directly interferes with the use of your site, it's bad for you. Google and other search engines will notice hostile content and lower your search rank. They might blacklist your site completely. Browsers will warn visitors in alarming terms that your site isn't safe to visit. Your sales will plummet.
Malware can severely slow down your pages' response time. If it takes more than three seconds for a page to load, visitors will give up in large numbers. It isn't easy to tell if your site is slow because of increased traffic or an infection.
Sources of Vulnerability
- Outdated software is a common weakness. It has bugs which the publisher has fixed, but the fixes haven't been installed. Once a fix is published, the bug is public knowledge, and criminals will look for systems that still have it. They can infect thousands of sites in a day with a single technique.
- Weak configurations mean poor protection. Weak passwords on admin accounts, the ability to upload files without authorization, inadvertently open TCP/IP ports, and inadequate firewalls are dangers. They make it easier for intruders to gain access and take over your site.
- Badly designed forms allow SQL injection and other attacks on the website. Form data needs to be sanitized to keep maliciously crafted submissions out.
- Untrustworthy plug-ins and add-ons open up weaknesses through sloppy code or intentional subversion. A site shouldn't add plug-ins just because they look interesting. Use only the modules necessary to do the job, and get them from trusted sources. Plug-ins to improve security are fine, provided they're legitimate.
- Phishing directed at administrators can trick them into allowing malicious software that will subvert the website. Personally crafted "spearphishing" messages sometimes deceive even experienced managers.
Methods of Defense
No single piece of protection, whether it's a firewall, anti-malware software, or two-factor authentication, is enough to make a site safe. The right approach puts multiple barriers in the way of any attack. If would-be thieves get past one barrier, they'll have to overcome others. If your site gets infected in spite of your best efforts, you need to get rid of the malware quickly and clean up the damage.
Quttera ThreatSign gives your site in-depth website protection, including:
- A Web Application Firewall to keep hostile data requests out. It can stop even zero-day threats.
- Website scanning to discover infections. The scan will discover unauthorized changes and malicious code.
- Monitoring of system activity to catch active malware. Redirects, exfiltration of data, and botnet activity will be caught.
- Reporting and removal of any threats discovered on the site. Rapid malware cleanup means fewer opportunities for threats to do damage.
- Prompt removal from blacklists, getting your site back in the good graces of search engines and browsers.
This is a holiday season like none in living memory. Demands on merchants' websites will be greater than ever, and so will attempts to break into them. Black Friday and Cyber Monday would be the worst possible time to lose business because of an infected website. With Quttera ThreatSign, the odds of getting through without damage to your site are much better.
Several plans are available to suit your budget and security needs. Talk with us to find out what the best option for your business is, or sign up today.