Cyber Security Related to Online Shopping - Hampton University

Cyber Security Related to Online Shopping

Kendall Sapp

Computer Science

Hampton University

Jean Muhammad

Department of Computer Science

Hampton University

jeana.muhammad@hamptonu.edu

kendall.sapp2@

Abstract

The purpose of conducting this research is to educate online

shopping customers so they know how to conduct a secure

purchase and navigate shopping websites safely. There are

many people that buy from online websites that either never

receive their product or have their identity stolen because

they did not take proper precautions. With the simple tools

that I hope to touch on during my research paper customers

can be more observant of situations where their personal

information is in jeopardy. The design of the study will be

done in a research format. I will use the articles I found to

research exactly what ways online shopping sites are

vulnerable and how to tell when a website is not legitimate. I

will then send out a survey through social media to get

feedback about what problems online shopping customers

have faced and what questions they have. After completing

my survey, I hope to have a better idea of what the customers

experience is with online shopping and how to better educate

them on the safe practices while using shopping websites. My

research will be centered on the vulnerabilities of online

shopping and how users can navigate these websites in a

secure manner.

I.

Introduction

With technology constantly advancing shopping has become as

easy as a tap on your phone, but what happens when that

shopping site is corrupted? Online shopping is one of the most

popular ways of purchasing everyday items, but the security on

these sites can be poor if not managed properly. Online websites

require that the customer provide their first and last name,

shipping address, billing address, and credit card number. This

information is valuable and can be used against you, especially

by a hacker. Many users have had credit card numbers stolen,

identities stolen, and much more because they were not cautious

when disclosing their information. Ensuring a secure transaction

is the responsibility of the vendor but if the customer has the

knowledge to identify when a website has been corrupted they

are less likely to be hacked. By educating customers on the issues

with online shopping and the possible vulnerabilities I hope to

create a more secure experience for everyone uses these shopping

websites.

II.

Problem Statement

Online shopping has become the most popular way to shop. As

the number of customers making online purchases increases,

hackers are finding more and more ways to steal their personal

and financial information. The purpose of my research was to

find out exactly how much customers knew about the risks of

online shopping and how companies can help educate customers

to create a safer shopping experience for both parties.

III.

Methodology

Research Design

The purpose of this study is to educate customers on how to

safely conduct online shopping. Individuals submit personal

information to online shopping websites daily without thinking

about the repercussions, this research is to help customers

identify the vulnerabilities of online shopping and how to keep

their personal information safe. By the end of the research I hope

to know more about how safe the customer feels about online

shopping and how we can better educate them on how to shop

safely on the internet.

Research Approach

I have conducted research through online resources and surveys. I

have found several articles about the dangers of online shopping

and how to identify when a website has been corrupted. They

also outline the vulnerabilities in online shopping and things

customers should be aware of. I have also sent out a survey

asking customers how safe they feel online shopping and if they

have had their card number or identity stolen in the past.

Sampling Method

The research done will be limited to articles found from the last 5

years so I can present current information. I will also provide

example websites from companies that have been known to be

secure so customers can know what to look for when they are

shopping online. It is important for readers to know exactly what

keys to identify when they are shopping, especially on websites

that aren¡¯t as commonly known.

Data Collection Method

Data will be collected through online surveys that will be sent out

through social media. The survey questions will consist of nine

questions that will ask the customers how comfortable they feel

while online shopping and if they are interested in learning more

about how to navigate online shopping websites safely.

Data Analysis Method

The data analysis of this research will be done in a qualitative

method. Most of the research will be done through analysis of

online articles and website analysis. Quantitative data will be

gather through the online survey. The data will be organized by

age so I will be able to analyze how comfortable each age group

is with online shopping.

Protecting Personal Information while Online Shopping

Online shopping is the most popular way to purchase items from

anywhere, people online shop to do Christmas shopping,

purchase birthday presents, and even buy groceries. Online

shopping has become so popular that they have created a holiday

to celebrate online shopping discounts, Cyber Monday. People

ADMI¡¯19, April 2019, Memphis, Tennessee, USA

have complete embraced the simplicity and convince of online

shopping, but have not yet identified the risk that come along

with it. Online shopping is great for the customer that wants to

avoid long lines and crowded stores but there are also security

risk that go along with the benefits. There are many companies

out there that don¡¯t take their cyber security as serious as they

should and that makes their information and the information of

their customers vulnerable.

Shoppers need to take security measures to ensure we are

shopping from reliable sites and double checking the URL we are

shopping on to ensure they are the correct ones. Many hackers

create URLs that are similar to well-known websites in hope that

users make simple typos that bring them to their malicious site.

An important tip is to check if the website has the correct security

lock indicator, if the website has HTTPS it is more secure than

HTTP. Some hackers will even provide better deals than the

official site so lure customers looking for a better deal.

The same can be said for mobile shopping, it is important to

ensure you are using an official mobile app instead of a thirdparty app to ensure a secure transaction. This way you can be

more confident when entering your personal and credit card

information. Customers are always use strong passwords to make

it more difficult for hackers to penetrate your online shopping

accounts. Experts recommend that your passwords at least

contain one uppercase letter, one lowercase letter, one number,

and one symbol, but many companies don¡¯t require passwords of

that difficulty. Once you have created a password you are

comfortable with ensure it isn¡¯t the same or similar to any other

password you use for other accounts, because then hackers will

only have to hack one account to gain access to all your personal

information. Some shopping sites provide a password rating

generator that rates your password depending on length and

character types. Using passphrases can also help protect your

passwords integrity against hackers. Use unique complex

passwords on all your online shopping accounts and be sure to

change them frequently to keep yourself protected.

Ensuring you are using a secure network while online shopping

can also be help make sure you are sending a secure transaction.

There are hackers out there that set up private networks that are

set up to look like open Wi-Fi networks and they track all the

websites you go to and information you enter. If you were to

make a purchase on one of these malicious networks you could

be exposing your personal information. To ensure you are using a

secure network double check the name of the network to ensure

there aren¡¯t any typos. With many guest WIFI¡¯s a guest policy is

automatically pulled up once you access the network so ensure

that you see one of those policies before browsing around on the

network.

Finally, it is important to think before you click, because of the

importance of your personal information is it essentials that you

do not click on anything that looks suspicious or fishy. Many

hackers create phishing ad and emails that claim that they have

great deals but in actuality are stealing your personal and credit

card information. These ads can pop up anywhere, even social

media, so beware of all ads suggesting good deals. Check with

official sites so you won¡¯t get caught trying to get a deal on a

suspect site.

K. Sapp and J. Muhammad

Online Shopping Security Issues

The internet was created to allow everyone to opportunity to

access the vast amount of information available in the world, but

there are those out there that want to take advantage of this tool.

This also applies to online shopping, although it is a convenient

asset that allows shoppers to avoid the hassles of stores there is a

danger to it unlike traditional shopping. Previously if an

individual wanted to steal of a customer in a store they would

have to physically steal their credit card and hope they didn¡¯t set

of any card fraud alarms. Now, thief¡¯s can steal from customers

in a variety of ways without even know the person. The risk of

hack attacks is very strong in the online hacking world, and

hacker can gain unauthorized access to your computer, phone, or

tablet by taking advantage of unpatched software holes. Some

hacks don¡¯t even require a technical background, individuals can

download hacking tools and malware that can be used to gather

customer¡¯s information. Hacker¡¯s primary goal is to gather as

much information about the customer as possible. While online

shopping, customers enter valuable information like first name,

last name, address, email, phone number, and credit card number,

this is more than enough to steal someone identity. They will use

this information pretending to be that customer and make

purchases using their card. Many thief¡¯s will make as many

purchases as possible in a short amount of time to try and spend

the customer¡¯s money before they have time to realize they have

been robbed. They will then auction off the items they purchased

to profit from the identity theft. By being cautious of what

websites you plan on giving out your personal information you

limit chances you have of being hacked.

The most common type of cyber security threats for online

shopping is phishing scams. As online shopping has increased in

popularity so have the amount of phishing scams. This is because

phishing scams are easy to create and simple to execute. Hackers

don¡¯t require any technical background to create a phishing ad

and simply by using a phishing attack hackers can gather enough

information to conduct credit card and identity fraud. Phishing

emails are a popular version of phishing scams because many

people believe that if they receive a personal email then it should

be safe to click on the emails link. After clicking the link a

variety of things can happen depending on the scam, they could

send malware to infect your computer and copy your important

files on your personal computer, they could have you fill out a

fake shipping order where they collect all your personal and

credit card information. The ways to avoid phishing scams is to

always be on the alert and question everything that is sent to you.

If you receive an email about a great deal question why they

would require your information to receive the offer. Another item

to check for is where emails are coming from, similar to creating

URLs that look like the original website hackers will create

emails that look identical to the official company¡¯s email. By

changing a letter or adding a number they trick customer into

believing they are receiving a great deal from their favorite

clothing website when in fact they are phishing for customer¡¯s

credit card information. Practicing restraint on clicking emails

before checking them could keep your personal information safe

and make it harder for hackers to steal your information.

Cyber Security Related to Online Shopping

Although there are several ways for non-technical hackers to try

and steal customer personal information there are also

complicated attacks that require more knowledge, like

ransomware attacks. This attack gains access to the targets

personal computer and restricts access to certain files or your

entire console. Once hackers have gain control the system they

will contact the computers owner demanding payment before

they give access back to the owner. Once the hacker receives the

money there is no guarantee that access will be given back to the

owner of the computer or that the hacker won¡¯t just use the credit

card information to make other purchases. These ransomware

attacks can come from many different places, pop-up

advertisements, phishing emails, and malicious networks to infect

individual¡¯s systems with malware. Like phishing attacks, these

pop-up advertisements and emails will contain incredible deals

that trick users into clicking the link and infecting their personal

computers with software that could lock the computer screen or

encrypt the user¡¯s files on their hard drive.

Cyber security experts are tasked with helping individuals protect

information they don¡¯t even know is at risk. The reason I selected

this topic for my research is because I realized that the common

online shopper doesn¡¯t know the safe practices that are associated

with making purchases over the internet. The information

customers put on the internet is extremely valuable and if not

protected properly could ruin the person¡¯s credit, debt, and many

other things. As cyber security professional, they are

knowledgeable in this field and can provide guidance to shoppers

that aren¡¯t technically savvy. It is the duty of cyber professionals

to spread their knowledge so that shoppers can be aware of

cyber-attacks and know how to combat them. It is also the

responsibility of the companies to hire cyber security

professionals to ensure their servers that are built for data storage

and transfer are secure and remain protected from hackers. There

is no such thing as a hundred percent secure system but it is the

job of the cyber security professional to identify and secure as

many vulnerabilities are possible. Customers should feel safe

interacting with vendor¡¯s online shopping websites and both

parties should leave the transaction with their system safe and

information secure. Many users don¡¯t have the information

necessary to shop safely to be education users through safety

emails companies are not only protect the customer but the

integrity of the shopping website.

There are several vulnerabilities when online shopping, just being

on the internet in general can be dangerous so by including the

amount of important information you must disclose to complete a

transaction, makes online shopping that more risky

Cyber Security Consumer Safe Practices

Online shopping has become the most popular way to shop,

especially during the holiday season. Many customers want to

avoid all the issues that go along with shopping in stores but

don¡¯t know how to shop safely online. There are several safe

practices consumers can add to their online shopping routine that

can assist them in having a safe and problem free shopping

experience.

Online shopping has become so popular several reasons, one

being the organization of it all. Customers no longer have to save

ADMI¡¯19, April 2019, Memphis, Tennessee, USA

their receipts in their glove box, all transactions are recorded

electronically and receipts are emailed to the customer. This way

if something needs to be returned the customer can easily find the

receipt and either return the item to the store or mail the item

back. Many companies are aware of the amount of items being

returned during the holiday season and will provide a free sticker

to have the item shipped back to them.

Another benefit of online shopping is there are various ways to

pay, customers can use credit cards, disposable debit cards,

online payment services (PayPal), gift cards, site credits, and

many others. This convenient for the customer because it allows

them to use different methods of payment, regardless of their

financial status. Online shopping websites also have built-in

online safety tools that alert customers when they are in jeopardy

of being scammed. The website will send out icons and alerts that

help users know a phishing ad or unsecure message is being sent

to them and blocks the advertisement. This helps the customer

and the company remain secure against malicious threats. The

final advantage is the addition of customer reviews to every item

on a company¡¯s website. Customer can now see ratings and

reviews on items they are considering purchasing and can make

an educated decision on whether they want to purchase it or not.

All these factors are what make online shopping so convenient

and easy to access, but there are also risk that go along with it.

At times, online shopping can be too convenient, there are so

many things available online customers can get overwhelmed and

tend to make purchases that are out of their financial capability.

Many companies do online deals during events like Cyber

Monday, but beware of those hidden fees like shipping, handling,

and duty charges. These extra charges raise to price back to its

regular listed price so customers have to ensure that they are

checking the final price before entering their payment

information. There are scam artist everywhere trying to trick

customers into believing they are purchasing an item for a low

price, when in fact they are buying something damaged, stolen,

or nonexistent. Be sure to check the customer reviews and ratings

on auction sites like EBay and Letgo to check if other customers

have had problems with the seller in the past.

Many companies have even added ¡°one click shopping¡± buttons

that save user information in the websites database. These are

considered dangerous because if the company gets hacked your

customer information would get stolen. It is also important to

clear your cache to ensure none of your credit card or store login

information has been stored in your browsers cookies. These

cookies can also be hacked and give hackers personal

information that they can abuse. There are several ways to protect

yourself while shopping online. Credit card companies are

usually very aware of identity theft and will contact the cards

owner if any suspicious purchases have been made. Even getting

a separate credit card specifically for online shopping can be

useful because you can set limitations on what the card can be

spent on. Using disposable cards or gift cards have the same

benefits because they only have a specific amount of funds on

them and can¡¯t be linked to your main bank accounts. If a hacker

was to get ahold of the gift card information they wouldn¡¯t have

any of the customer¡¯s personal or financial information and

would be completely safe during a malicious attack. Ensure that

ADMI¡¯19, April 2019, Memphis, Tennessee, USA

you are using an encrypted site by checking the browser lock

icon, this provides conformation that your personal information

will be safe if you decide to make a purchase.

Keeping software up to date can also be helpful because most

updates fix bugs and provide security updates. This software can

keep your computer free of malware and your financial

information from being compromised. Make sure to log out of all

shopping accounts when online shopping on personal computers.

By logging out customers avoid having others make unwanted

purchases on their account because in many cases that money

won¡¯t be returned. If a person were to see your account logged in

with bad intensions they could record personal, banking, and

billing information. Looking closely into the items you are

buying can be extremely helpful when making online purchases.

Do research on what the item is supposed to look like and look

for key words in the description that could make the item seem

fraudulent. Words like ¡°refurbished¡± and ¡°like new¡± usually

means the item is used. Asking the seller questions about the item

can also give away if the item is similar to the one they display in

the photos; the customer should always be questioning the seller

because it is their money on the line. This same rule applies for

dealing with knockoffs. Most items have a standard price that

doesn¡¯t lower too much off the retail price, so if a great bargain is

being sold on the internet more than likely it is a fake. Be aware

of these fake items and research the key things to look for to

determine if the items are real or not.

Finally reporting fraud is the best practice you can do when

shopping online. Being a victim of fraud can be traumatizing and

instead of staying quiet and admitting defeat, report the incident

to the website. Many of the major vendors have policy for

fraudulent items, purchases, and identity theft and have

procedures put in place to deal with these incidents. By reporting

fraud customers can help those like them from suffering the same

fate and can identify vulnerabilities in the shopping websites

system. The action of reporting fraud is what keeps our online

shopping web space secure and allows companies to learn from

their mistakes.

IV.

Results

K. Sapp and J. Muhammad

my survey results came from people from ages 18-24.

When I asked how safe these shoppers felt while online shopping

the 43% of the responders said they felt moderately safe.

This proves that the average shopper realizes the threat that goes

along with online shopping but does not know the proper

practices to avoid these threats. Surprisingly 66% of the surveyed

shoppers knew the check their shopping websites URL prior to

inputting personal and credit card information. This is good

because it tells us that people are aware that there are scammers

out there that create fake websites and that they should always be

aware of what website they are shopping on.

To get a sense of how the average shopper felt about online

shopping I conducted a survey and sent it out through social

media. The survey contained 9 questions asking customers about

how comfortable shoppers felt while online shopping and if they

know any of the general safe practices while shopping online.

Each question had a purpose to investigate how comfortable the

average shopper is, if they have every had their information

compromised before, whether they know the safe practices

related with online shopping, if they have ever hacked an online

shopping website before, and if they are interested in learning

more about how to shop safely on the web. To get the required

100 responses I sent my survey through three social media

outlets, Facebook, Twitter, and Instagram, because of the 90% of

When asked if users felt their information had ever

been compromised while online shopping 51 percent of people

said no. This was also surprising after analyzing the other

questions I asked. 84% of responders claimed that they had never

Cyber Security Related to Online Shopping

had their identity or credit card number stolen when online

shopping but if 49% felt like they had their information

compromised before why did they feel it was not their personal

or credit card information. These results give me the impression

that although customers feel their information has been stolen

before they can¡¯t relate it to identity fraud or maybe don¡¯t

understand what hackers are doing with their information. Below

is a graph that displays how many people believed that their

credit card or identity had been stolen while online shopping.

ADMI¡¯19, April 2019, Memphis, Tennessee, USA

supply runs out they inform the other customers they have run

out. These bots guarantee the user that they will receive an item

before the websites completely sells their stock.

Code writers that create these bots are able to make a profit off

these bots because of the limited supply of these designer shoes.

Some shoe bots run through proxies and can access the website

from multiple IP addresses to give the customer a better chance

of getting the shoes. Customers that secure these rare shoes are

able to resale the items for almost double of the retail price

depending on the popularity of the shoe. Many see the purchasing

of a shoe bot as an investment because by getting a better chance

of purchasing the shoe, some shoe bots guarantee the customer

will get the item and will refund the customers money if they

aren¡¯t able to get the item. The popularity of these shoe bots is

enormous in today¡¯s shoe market is it was a surprise to me that

many of my responders hadn¡¯t used the hacking technology in the

past. Below is the graph of the survey question ¡°Have you ever

used a ¡°Shoe Bot¡± or any other hacking tool used for online

shopping.

When I asked users about how securely customers are making

their passwords 42.42% said that their passwords were

moderately secure. That tells me that these customers are using

passwords they are comfortable with versus using passwords

strength that the company websites recommend. Below is a graph

depicting how secure responders felt their passwords are.

What was really surprising about this survey question was that

only 2% of the responders said that their passwords were not

secure. So, customers understand that their passwords cannot be

simple because that makes it easier for hackers to crack, but they

aren¡¯t taking as many precautions as they should. Many websites

provide a password rating system so if customers were more

aware of the importance of a secure password they would be

more likely to create stronger passwords.

Another interesting statistic I discovered during my

survey was that 94% of responders to my survey had never used a

¡°Shoe Bot¡± or any other hacking tool on an online shopping

website. A shoe bot is a popular hacking tool used to automate

the online checkout process on popular online shopping websites

like Nike or Adidas. These websites place customers in a queue

depending on when the log in to purchase the shoe. Then they

allow customers to begin purchasing the shoes and once the

One of the most important actions a customer can do is report

when they feel their information has been stolen to the online

shopping site. Vulnerabilities can¡¯t be patched if customers don¡¯t

report when their personal and financial data has been

compromised.

What I found from my responses was that

88% of people that completed my survey had never reported that

their information had been stolen. This is important because

without feedback other customer¡¯s information can be hacked

and a solution can never be found. Once the incident is reported

the company can begin investigating the incident and help to

assist the customer and make sure they fix the problem so that

something like that never happens again. The results of my

survey give me the impression that customers are scared that

reporting hacking incidents won¡¯t help them get their item or

money back, when in fact the company can either reimburse the

customer or contact their bank and file a credit card fraud. Either

way reporting the incident helps the customer and shopping

website remain more secure and create a smoother transaction for

others. Below are the survey results for the question ¡°Have you

ever reported that your information was stolen to a shopping

website?¡±

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download