How Ecommerce Sites Can Avoid Social Engineering Attacks

Operating an ecommerce site is a rewarding experience. You get to build your own site, sell your own products and connect with customers daily. Not to mention that the holiday season is the prime time to make sales and earn greenbacks.

But as Cyber Monday approaches, you may see an increase in emails and messages from your customers. Be warned: not all of these communications are legitimate. Some may in fact be part of a social engineering campaign by online scammers.

Cyberattack insurance will help insulate your e-store from financial damages if you suffer one of these scams. Then again, you can avoid falling for social engineering attacks by following these tips below.

Scammers Love to Play Make-Believe

In case you don’t know, a social engineering attack is a form of cyber fraud in which a hacker pretends to be a genuine contact. This can take the form of a phony email from a business partner, an instant message from a family member or even a phone call from a customer—which is exactly why these fraudulent communications are so hard to spot.

That being said, no counterfeit is a perfect counterfeit. Keep a close eye out for various warning signs including misspelled brand names for business partners. This is not a mistake a legitimate contact is likely to make, but a hacker could.

Similarly, you should check the email address to see if it is already in your contact list. Cybercriminals can easily make lookalike addresses of friends and family members, but they won’t be able to snag the exact same one. This can be a dead giveaway if you know what to look for.

Scammers Always Want More

Another way to spot an unreliable communication is to evaluate their request. For instance, a customer might email you asking to confirm the credit card number you have on file. Now, does that sounds like a reasonable request? Probably not. If you share this information with the wrong person, that customer could be victimized by credit card theft.

You should also be wary of messages requesting that you redirect a shipping address, cancel a payment after the product has been shipped or spill the beans on someone else’s order.

The solution? Never share any personal or financial information that could be used for nefarious means with anyone.

Scammers Prey on Your Good Nature

As an ecommerce vendor, you have probably internalized the credo “the customer is always right.” If push comes to shove, it is always better to give into consumer demands. It’s better for business and your reputation, after all.

But what if hackers know about this motto, too? Well, they might be more likely to use your own good nature against you. So, if you are trying to determine whether a message is coming from a hacker or a shopper, it’s best to tread lightly.

  • Be polite, but don’t be stupid. If a customer emails you requesting their email and password combination, remind them they can simply create a new account. It’s much better than serving up someone’s private information to a cyber crook.
  • Always ask for additional information to confirm someone’s identity. If a buyer wants to change a shipping address after an order has been processed, ask them to confirm the last four digits of their card, their order number, etc.
  • Report scams promptly. If you think you have fallen prey to a hacker, be sure to report the incident to your security team, law enforcement and your cyberattack insurance provider.

With any luck, you’ll never have to file a cyberattack claim. But if your ecommerce store is victimized by cybercrime, your cyberattack insurance provider will help you get through it. Visit CyberPolicy to find the perfect insurance plan for your small business.

Insurance shopping simplified

Review personalized quotes, select coverages, and buy online - Everything insurance, all-in-one-place.
© 2010 - CoverHound LLC - All rights reserved.
PO Box 9070, Carlsbad, CA. 92018-9070
CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CoverHound LLC
DBA: CoverHound Insurance Solutions - CA License No. 6005304