Six tips to avoid scams during internet sales

Brazilian e-commerce is expected to move more than 234.9 million reais in 2025, according to ABComm, which represents a high of 15% compared to last year. The growth of sales in the digital environment attracts the attention of cybercriminals, who improve their practices against retailers and consumers in order to steal and hijack data, take down virtual stores or promotions in emails, messages and fake websites.

In addition to the negative impact on the consumer, a virtual store attacked or cloned can bring financial losses and the reputation of the brand. Faced with the possibility of scams, the specialist Eduardo Goncales, CISO of TIVIT, a Brazilian multinational that connects technology for a better world, lists some precautions for shopkeepers to sell without headache:

Ensure availability The stability of the site is essential for the operation to work fully even in periods of increased traffic, thus preventing the store from selling because of technical problems. In addition to investment in technological infrastructure and security solutions, it is essential to protect against so-called denial of service (DDoS) attacks, which aim to direct volume of simultaneous accesses far above normal for a given address until it is congested and unavailable.

Explore the web & Include in your processes routines of threat intelligence, or brand monitoring, in order to search mentions about the company and its executives in forums at the different layers of the internet, including the dark web and deep web, where all types of attacks are ordered and architected. With this type of scan, it is possible to detect plans to redirect traffic from your site to fake web pages or social networks, thus avoiding improper or fraudulent sale of products with your brand.

Awareness employees to protect their data & & Market research indicates that the main entry doors to malwares used in attacks by phishing and of ransomware, which encrypt the data in exchange for a ransom value, are the employees themselves. Most often, due to lack of knowledge, there is carelessness when dealing with suspicious emails, connection of USB devices, access to compromised websites or use of software with vulnerabilities. With remote work, also increased the use of personal devices connected to the corporate network.In addition to technology and processes, people's awareness is one of the essential pillars to ensure data security and not suffer from the paralysis of the operation.

Perform backup and validate your integrity 2. With the objective of minimizing the risks of interruption of services and ensuring that data is recovered quickly and easily, it is very important to have a consistent backup system, tested periodically to validate its content and its integrity, since many attacks start compromising the backup and then impact the production environment. In addition, it is essential to have a documentation with the catalog of all servers and ensure the order of recovery of data in a possible disaster, reducing the recovery time of data.

Validate your code repositories 2 A massive infection campaign in e-commerce stores is underway under the name of Hubberstorethe attack is based on malicious JavaScript code used to extract personal data and credit cards. 

The recommendations in this case are as follows:

1. Keep systems up to date, including operating systems, services and frameworks used on the sites.
2. Periodically review the codes in your repository and production environment to identify possible injections of malicious artifacts.
3. Follow the best practices of safe development, a good reference is OWASP.
4. Analyze logs and audit trails, preferably using a system of correlation of logs (SIEM), with the aim of identifying attempts to exploit vulnerabilities.
5. Deploy a multiple security factor (MFA) solution at key entry points and in your core code development environments, such as CI/CD repositories and solutions (integration and continuous delivery).

Control and limit access to information Ensures that users have the minimum privilege and restricts access to people who really need it, ensuring its periodic review and recertification. The implementation of segmentation in the network minimizes the risk that an attack spreads quickly and without control, avoiding great impact and financial loss, and finally use password vault solution to increase security in privileged access.