90% of E-Commerce Global Login Traffic Comes from Hackers

ex-NSA Hacker Detects macOS High Sierra Zero-Day Vulnerability

A report conducted by Shape Security has revealed that 90% of e-commerce login traffic comes from hackers, which once again highlights just how important that internet security is in the current technological age. Hackers are reportedly using a process called “credential stuffing”, which is a form of cyber attack whereby stolen user details are used en masse to gain unauthorized access to accounts associated with a web application via large-scale login attempts.

Credential stuffing is becoming a growing problem due to the fact that many users currently use the same passwords for a wide variety of different sites; naturally, this makes hackers’ lives much easier and is the reason you are advised to use different details for every site you visit and change your password as often as possible.

It’s estimated that these attacks are successful around 3% of the time, with this type of fraud costing the e-commerce industry around $6 billion a year, whilst the airline and hotel sectors lose out on around $700m a year due to the theft of loyalty points and other bonuses offered to repeat customers. The most proficient hackers are well known for being very particular with regards to the kinds of businesses they target but in the main, it follows that the more lucrative the opportunity, the more chance there is of some sort of cyber attack.

Are Hackers Targeting Real Money Sites More?

When you consider that 90% login traffic that e-commerce sites receive from hackers compared to the 60% figure cited in the airline and banking industry, it would appear that cyber-criminals believe real money sites represent their best opportunity to score some cash. It, therefore, follows that companies such as Amazon and Paypal are targeted more than most due to the fact that customers are often required to link their debit cards or bank accounts directly to their online profile in order to allow for a smooth transaction.

Whilst Amazon and Paypal are now considered to be two of the most secure sites on the internet, hackers are constantly coming up with new ways to bypass security measures, meaning that sites who deal in real money have to be more vigilant than most.

Amazon is one of many real money sites that has been targeted by hackers in the past

The same can certainly be said with real money gaming sites such as 888poker, where players can play poker cash games with real stakes and are required to deposit real money into their account in order to purchase virtual chips and currency. Many online casino sites have worked directly with hackers for years in order to ascertain just how easy it is to circumnavigate the sites security measures – with the growing popularity of real money Texas Hold’em poker and other poker variants, it is of the utmost importance that online casino sites have systems in place which their customers can trust and feel safe using.

It’s important to note that due to the nature of real money sites such as Paypal and online casino companies, their security measures are often the most difficult to breach and so whilst hackers tend to target them more often than most, breaching their defences represents some of the most difficult challenges on the internet. Nevertheless, hackers are essentially virtual chameleons who tend to enjoy this challenge and operate on the mantra of “high risk, reward”, which explains why real money sites have to constantly evolve in order to protect their brand integrity and customer information.

Hacker Trends on Real Money Websites

Now we’ve established that real money websites are some of the most targeted on the web, it’s now important to consider just how they manage to breach some of the most intricate defence systems.

Cyber-criminals are cunningly lazy in a strange way – they will often find the shortest possible route to their targeted destination and because of this, their methods have shifted somewhat over recent years. Back in the day (whenever that was), websites were often the target of most attacks but with the improved security associated with online poker and e-commerce sites, most now seem to prefer directly targeting users in order to obtain their login information.

The easiest way to do this is undoubtedly through the use of spam and phishing e-mails, whereby hackers redirect unsuspecting users to sites where they hand over their information without much hassle. Whilst it’s fair to say that more and more internet users are becoming clued up to this kind of attack, those who are less internet savvy such as the elderly are still liable to be conned and so education (and re-education) is important in this regard.

A post shared by Mazaliana Madla (@mazamadla) on

Phishing e-mails try to convince the user to input their login details on a phoney, external site Failing that, we are back to credential stuffing, where mass amounts of data are stolen and inputted in a scattergun type attempt to gain access to user accounts. Of course, once a hacker gains access to your account, you’re quite powerless to do anything unless you or the site in question notices any suspicious activity but by then, it can often be too late. Thankfully, most hackers still need to leave some sort of trail which often leads back to them – most will try and register an additional e-mail address to the account in order to wire money and this will be enough to get the attention of the site in question.

As Long as the Internet Exists, So Will Hackers

In an ideal world, all of these verification codes and added security measures when logging into your various accounts would be a thing of the past. However, the reality of the situation is that whilst you’re still spending your hard earned money, someone else is going to want it and therefore, it’s important that you do your bit in trying to ward off hackers and cyber attacks.

Many real money sites within the online casino and e-commerce industry are working tirelessly to keep you safe but at the same time, you can help yourself by keeping your passwords strong, regularly changing them and using different login details for every site you use. If you think you’ll struggle to remember all of this different information then it’s a good idea to write these details down (yes, you can still use a pen and paper) because if you end up storing this information online somewhere and it gets stolen then you’re really in trouble aren’t you? Stay safe out there.

Julia Sowells960 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register