Ecommerce was a promising platform and a new way of doing business that was growing at a steady pace. However, in the past year, it has boomed like any other form of business and with unexpected growth, there come unexpected risks as well. The current risk to ecommerce at the time is a new cyber theft group known as Proxy Phantom. This group is using old tricks to take over customer accounts of all ecommerce businesses.
The standard ecommerce platform security doesn’t work well against this group and as per the latest research from the Digital trust and safety firm, it is clear that all ecommerce businesses need to double down on fraud protection. The risk of fraud is increasing every day and as the holidays are near, more buyers will be shopping. Thus the increase in the risk of hacker’s attacks.
The Proxy Phantom group uses a massive cluster of interconnected IP addresses to carry automated credential stuffing attacks that are used for baking up user accounts from merchant’s websites. The group used about 1.5 million stolen usernames and passwords to invade the ecommerce businesses by bot-based 2,691 logins per second. After investigation, it was found that the incoming traffic was coming from different locations.
These attacks prove that hackers will never stop devising new strategies and improving their fraud methods to harm businesses. Therefore, the only way to avoid these attacks is by strengthening ecommerce platform security.
Hackers Emerged in The Pandemic:
According to Sift’s report, it was revealed that customer account takes over attacks increased from April 2019. It was the time when stay-at-home orders were passed to avoid the threat of Covid-19 up until June 2021. So far researchers haven’t been able to figure out the size or location of this fraud group.
Finding the location of this group is difficult, as they use Virtual Private Network (VPN) to disguise their location. Credential stuffing attacks is an old trick but this group has made some improvements to their arsenal.
Credential stuffing is a quite common technique but combining it with automated massive rotating IP addresses is something new that can be difficult to prevent. The constantly changing IP addresses make it challenging for businesses to block these attacks.
Fracturing Brand Reputation:
The constant attacks that took place from the year 2020 to 2021 undoubtedly fractured the reputation of several brands. People abounded brands if anything went wrong resulting in a hindered reputation and low business for brands. Approximately 74% of the customers agree that they would never shop from a website or app if their account was blocked or they faced any attacks on their digital wallets.
Account takeover attacks are lethal for a brand, as they can jeopardize brand loyalty. Brands must increase their ecommerce security, especially before the holiday strikes. The massive surge of traffic will allow fraudsters to easily pass under the radar.
Financial Services in Trouble:
From the year 2020 to the year 2021, financial service institutions were in serious trouble because of the ATO attacks. The attacks were primarily targeting cryptocurrency exchanges and digital wallets of customers to transfer payments or make illicit purchases through the accounts.
The need for securing financial service sites was more than any other, as they were at the most risk or ATO. Fraudsters scared almost 850 financial sectors and can strike again with better techniques and innovations. Therefore, the need for ecommerce security is a crucial one.
Effects on Brands and Customers:
The effects of ATO attacks from Proxy Phantom were devastating for brands as well as customers. Brands were terrified of these attacks and they had no other option to generate revenue at the time. Whereas, customers could not carry online purchases while feeling secure.
Approximately 48% of the accounts were prey to ATO attacks and had their accounts stolen 2 to 5 times. Brand loyalty was also compromised, which led to brands facing an exponential drop in sales and customers not feeling safe in online purchasing.
A fair ratio of 45% had their money stolen from their digital wallets as a result of ATO attacks. At the same time, around 42% of customers had credit or debit card credentials, that were used to make unauthorized purchases and 24% of customers lost their reward and gift points to these attacks.
One of the worst impacts of ATO attacks was that almost 19% of the people are unaware of their accounts being takeover by fraudsters, which might cause several consequences. People have developed trust issues when buying from ecommerce websites r applications which is a considerable loss to all ecommerce businesses around the globe.
Conclusive Thoughts:
Ecommerce was introduced as a way of providing a business model that allows people to make purchases online with comfort and convenience. However, Account Takeover (ATO) attacks have made it very difficult for people to adapt to ecommerce buying, and as result brands have lost enormous money and value.
The new cyber-theft group known as Proxy Phantom is using old methods with new and improved techniques to target online merchants. This group has managed to hinder the brand reputation, customer trust, and the entire point of the ecommerce business in the past year. Therefore, businesses are now required to improve ecommerce platform security in order to avoid ATO attacks. Making improvements just once isn’t enough for ecommerce businesses, as the fraudsters are improving their techniques, brands need to be on their toes at all times and constantly look for better security measures.