December 15, 2004 4:00 AM PST
Net stores get ready for Santa cons
- Related Stories
Zafi worm purports to be Christmas greetingDecember 14, 2004
Spam-happy shoppers love stolen softwareDecember 10, 2004
With holiday season half over, Web sales on trackDecember 10, 2004
Password imperfectDecember 9, 2004
Judge raps eBay over fraudDecember 7, 2004
Report: Cost of phishing not so highDecember 1, 2004
The only problem: Koenig had no idea what they were talking about.
Cybercriminals had used her online gift store in a "phishing" scam, which set up a fake version of the site to try to extract visitors' credit card information. An e-mail enticed victims to the fake site by telling them they had a prize. The lure was a free Hewlett-Packard laptop computer.
"We got at least 10 to 20 phone calls and e-mails from people wanting to confirm they'd won the computer. It was a situation that could have hurt our brand, reputation and sales, if we didn't return those calls and e-mails," said Koenig, founder of Cybercalifragilistic, a gift site for geeks that generates 80 percent of its annual revenue during the holiday season.
The holiday shopping season, with its boom in traffic and sales, casts a spotlight on concerns over the security of e-commerce. Online fraud is becoming more professional as organized crooks begin to flex their muscle in digital scams. But major retailers and services providers have become more savvy too, bolstering security all year round. That leaves midsized and small Web stores as possible prey of criminals.
Those small businesses have more to lose, in credibility and income, from attacks. "This is the kind of thing you don't want to happen any time of the year--especially (not) during the holidays, when it's the busiest time of the year," Koenig said.
Online retailers are expected to generate about 30 percent of their overall revenue for 2004 in November and December, according to figures from research firm Jupitermedia. That adds up to about $20 billion in holiday sales.
"Fraud activity increases with the level of volume activity to the site," said Trevor Healy, VeriSign's vice president of payment services. "There's a belief in the fraud community that retailers may not be as vigilant during the holidays because they're busy filling orders and getting their holiday sales out."
That traffic plays a part in one fraud scheme, in which criminals use a large number of stolen credit card numbers to make purchases on one site, to make sure those numbers are valid. The fraudsters then use those cards to buy goods at another e-commerce business. Another credit card scam that is increasingly popular, Healy noted, has corrupt employees issue refunds on numbers that don't exist.
Credit card fraud, phishing and denial-of-service (DoS) attacks linked to extortion are the security threats that have online businesses most worried, security analysts agree.
"If you are looking for opportunities to defraud a merchant, you are going to look downwards in order to find those that are susceptible to fraud," Banks said.
Koenig and her small online business are familiar with the dangers of DoS attacks. Back in 1996, Cybercalifragilistic suffered an outage for a couple of days during the holiday spending season after its Internet service provider, WebCom, was hit with a flood of data that swamped its servers.
"It cost our company 20 percent of our holiday sales," she recalled. "This happened during the pioneering days of the Internet, and the attack was to protest commerce on the Internet."
Carrie Johnson, an analyst with Forrester Research, noted that the retailers most likely to lose customers from a DoS attack are those
Page 1 | 2
1 commentJoin the conversation! Add your comment