The Last Hope: HTTPS Compromised by Phishing Hackers

Before you make a purchase online, you probably look at the website's URL to make sure it's secure; your customers do this too.

If there is even the slightest possibility that your e-commerce site can be hacked and their financial information stolen, customers will not make purchases on your website, crippling your business. Sites that use Hyper Text Transfer Protocol Secure (HTTPS) encrypt their customers' financial data, making their website impenetrable to hacker attacks, or so was the case.

This brings us to the latest in cybersecurity news: hackers have developed a way to use HTTPS to their advantage, in effect weakening small business cybersecurity and exploiting customers and your business.

It's for reasons like the above that cybersecurity awareness is crucial to running a successful business; it will help you to protect your e-commerce business from the nefarious dealings of the shadowy cyber hacker.

Let's take a look at how cybercriminals are bypassing HTTPS and what you can do to stop them.

How Are Hackers Gaming the System?

As consumers have been conditioned to only trust sites that have HTTPS in their URL, it's assumed that any website that has it is safe to do business with. In an interview with Threat Post, Cisco Talos team researchers Ivan Nikolaev and Anna Shirokova explained that "during [their] analysis, [they had] observed domains being used for phishing, as well as by scammers, offering fake technical support and by advertisers promoting products of questionable quality."

The researchers went on to say that the "attackers are impersonating well-known domains such as Apple.com, Facebook.com. Microsoft.com and PayPal.com, and sign phony sites they use as phishing domains, such as apple.com-133[.]com and facebook.com-secured[.]com, with legitimate certificates."

For all intents and purposes, the domains consumers are using appear real and secure. After obtaining the victim's financial information via phishing scam, the cybercriminal sells the information on the dark web to turn a profit.

It takes someone who has an understanding of the lengths cybercriminals will go to see through the phony websites. By educating yourself, your employees and your customers about how to stay safe online, you are helping your business.

How It Affects Your Business

If your e-commerce site is performing well, a cybercriminal will take notice. In late 2016 Entrepreneur Magazine reported that 4,000 cyberattacks hit small businesses per day. That's 4,000. Cyberattacks. Per. Day!

Having a robust cybersecurity plan and getting cyber insurance with CyberPolicy will help to quell the attacks and keep your business and your customers safe. However, if a cybercriminal should try and recreate your website to trick your customers into making false purchases on the infected website, you have a whole new can of worms to deal with.

Keep your customers and staff abreast of any cybercrime activity and alert them to the dangers of online shopping. Protect your website using HTTPS and by installing a web application firewall (WAF). Make sure your security applications are all up-to-date and that your admin pages are private and "un-Googleable."

Above all, make sure you have cyber insurance. Get your free rate now when you visit CyberPolicy.

© 2016-2020 CyberPolicy, Inc. All rights reserved. CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CyberPolicy, Inc.
DBA: CyberPolicy Insurance Solutions CA License No. 0L13180
DBA: CoverHound Insurance Solutions CA License No. 0H52375