How Social Media Hacks Compromise Your Fraud Protection Efforts
In January 2021, a cybercrime intelligence CTO discovered a database of leaked Facebook data that had been hacked two years prior. The database contains more than 533 million verified Facebook records from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India.
The hacked data includes users’ phone numbers associated with IDs and full names, locations, birthdays, bios, and some email addresses. For cybercriminals, this is a treasure trove of information they can use to impersonate or scam the users in the database. And because it’s been posted on a low-level hacking forum that is both unlimited and ungated, anyone with basic technical skills will be able to access the data.
What Does the Facebook Data Breach Mean For Your Ecommerce Business?
The bad news? It’s very possible one of your existing or potential customers’ data has been compromised. But, short of looking each of them up in recently published utilities, you won’t know for sure. And while a recent ClearSale Consumer Behavior study reported that some consumers can be forgiving about fraud, your business could still be at risk.
In the study, all respondents indicated that transaction security was an important factor for their purchasing decisions, placing a high value on a merchant having fraud protection practices in place.
What’s interesting, though, is the same consumers didn’t seem to appreciate the value of data privacy – a key factor in preventing data breaches – as much as fraud protection. This may indicate a disconnect in understanding the link between their compromised data and online fraud.
Why ANY Data Breach Spells Danger for Ecommerce
Data breaches like this one, where payment data isn’t compromised, naturally have less of an impact on ecommerce than a bank data breach.
That doesn’t mean you’re in the clear, though: Customers often use the same login credentials (or at least the same passwords) across accounts, whether it’s social media, bank accounts, or ecommerce accounts.
Fraudsters program bots to use those credentials for account takeovers (ATOs), one of the most common types of ecommerce fraud. They can impersonate legitimate account-holders using those bots to replicate legitimate user behavior, change passwords, and redirect all communications away from legitimate users.
From there, the sky’s the limit. When banks and credit card companies call or text “account holders” to notify them of these changes, everything checks out. And in the meantime, fraudsters are ordering as much merchandise as they can, and may even sell the account data to other fraudsters so they can get in on the action.
So, how do you keep your customer data safe?
How to Protect Your Ecommerce Site from Hackers
The tricky thing is that hacks can take different forms. You might have your customer database locked down tighter than Fort Knox…but then a hacker gains access to your main page and launches a redirection attack, causing visitors and customers to click on legitimate-looking (but malicious) login links—resulting in your customers unwittingly giving their login credentials to cybercriminals. Hackers may also create and approve ads using your Ads Manager to promote malicious content, costing you thousands before you can take action.
If this all feels like a giant game of Whack-a-Mole, you’re not alone. Plus, a successful hack can cost you time, money, and the trust of your customers.
To protect your online business, you’ll need to put some measures in place.
Create A Data Breach Incident Response Plan
First and foremost, create a clear plan with instructions to follow in the event of a security incident. This will protect all stakeholders – customers, employees, investors, etc.
Ideally, plan for a few different levels of severity, including the worst case scenario. If that worst case never happens, great. But if it does, you’ll be very relieved to not have to come up with a plan on the fly.
Keep in mind that your plan will need to include reporting any hacks to the Federal government if a recently proposed executive order is signed, which requires reporting by all companies, especially those in the public sector. The increase in data breaches and online fraud has been noticed and is being addressed at the highest levels.
Stay Aware of Other Data Breach Incidents
A breach on another ecommerce site can affect yours since people use the same e-mail and password for multiple accounts. When you hear about a breach, be on the alert for a spike in orders and consider ramping up your manual screening.
Don’t Forget About Your Business Social Medial Page
Make sure to protect your social media business page from hacking by following these steps:
- Use Virus Protection - Make sure every page administrator has virus protection installed on your computers and keeps the software up-to-date.
- Protect Access to Your Account - You’ve heard the warnings about password selection and making it unique. This is exactly the reason why. Take advantage of two-factor authentication wherever possible as well. Much like a good lock on your door, it may not keep the most determined criminals out, but it will at least act as another layer of deterrence.
- Pay Attention to Unusual Activity and Alerts - You may receive notifications about phishing attempts and security recommendations. Don’t ignore them – they offer valuable information to help you guard your page from hackers. On the same note, report any suspicious activity and flag users that behave unusually.
Overwhelmed? Consider Working With a Solutions Partner
With the technological advancements and criminal ingenuity we see today, data breaches will continue to happen and create more opportunity for online fraud.
The good news is you don’t have to fight this battle alone.
Your best bet to protect your ecommerce store is to work with a partner that not only has the experience to detect fraud and identify fraudulent patterns, but who also stays on top of global intelligence about fraudsters and hackers.
ClearSale’s solutions are used by online merchants around the world, giving us a unique view of the industry and a massive database of transactions that can be used to detect fraudulent patterns long before any single merchant could identify them happening to their online store. For assistance in protecting your ecommerce business, reach out to us for more information.