Ways to Detect Phishing Attacks on Your e-Commerce Business

June 21, 2023

A new type of internet scam is hitting companies and merchant accounts: “phishing” attacks. These attacks are a savvy combination of social engineering and identity theft that tricks people into revealing private details.

Unfortunately, it’s really rewarding for fraudsters. Phishing attacks cost companies, from those with low risk to those with high risk merchant accounts, over a half-billion dollars yearly, with almost 76 percent of organizations victimized by a phishing scam. With nearly 1.5 million new phishing websites established annually, phishing attacks are on the upswing.

The good news is that ecommerce and high risk merchants do not need to be casualties of these attacks, and should understand what to look for, who is at risk, and what action to take to stop them.

How does phishing work?

Phishers have multiple tricks up their sleeves to con customers and businesses.

Here’s an overview of what these tactics are and what to look out for:

Fake Emails, Texts, and Calls

In the most typical phishing scam, fraudsters contact individuals, merchants, or business owners and present themselves as an authority figure from a legitimate business. The fraudster then attempts to get the victim to reveal confidential information – such as passwords and account numbers.

These fake communications normally contain highly specialized elements that appear legitimate. It’s become increasingly tricky for consumers to tell actual emails apart from false ones.

Take, for example, a 2014 attack against JP Morgan Chase clients. Not only did this attack give the fraudsters the opportunity to acquire customers’ credentials, it also delivered malware to the victims’ computers, which may have contributed to breaches at various other organizations.

Fake Checkout Pages

Hackers can add malicious JavaScript snippets to pages in WooCommerce, Magento, PrestaShop and other ecommerce platforms. When a customer clicks through to the site’s checkout page, the script redirects them to a malicious website.

In the event the customer or merchant is not paying attention to the address bar after they have landed on the counterfeit checkout site, they might not realize that they are on a completely different site and provide their credit card details directly to the fraudster. This ends up becoming a double whammy: not only will the customers’ credit card data have been stolen, but the merchant will also lose whatever was being purchased.
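
A merchant can look for this kind of injection by listing every script the checkout page loads and comparing it with what the store is supposed to load. The Python audit below is an added example, not code from this article; the allowlisted hosts, the sample page and all function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist for a hypothetical store: hosts its checkout is meant to load scripts from.
ALLOWED_SCRIPT_HOSTS = {"shop.example.com", "js.payments.example.net"}
# Inline code that assigns a new location (not a == comparison) or calls replace()/assign().
REDIRECT_RE = re.compile(r"location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\(")

class ScriptAudit(HTMLParser):
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self.in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src is None:
            self.in_inline = True  # inline script: inspect its text in handle_data
            return
        host = urlparse(src).hostname or self.page_host  # relative src loads from the page host
        if host not in ALLOWED_SCRIPT_HOSTS:
            self.findings.append(("unexpected-script-host", host))

    def handle_data(self, data):
        if self.in_inline and REDIRECT_RE.search(data):
            self.findings.append(("inline-redirect", " ".join(data.split())[:60]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_inline = False

def audit_checkout(html, page_host):
    # Return (kind, detail) findings for every script the allowlist does not explain.
    parser = ScriptAudit(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from a real site.
SAMPLE = """<script src="/static/cart.js"></script>
<script src="https://js.payments.example.net/v1/pay.js"></script>
<script src="https://cdn.example.org/widget.min.js"></script>
<script>if (location.pathname === "/checkout") { location.href = "https://pay.example.org/"; }</script>
"""
```

Running `audit_checkout(SAMPLE, "shop.example.com")` on a schedule and alerting on any non-empty result catches a newly added script before customers report it.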

URL Modification

Fraudsters know that only a few vigilant customers actually look at the links they click. To avoid detection even by those customers, fraudsters create secure-looking (but still fake) URLs, generally addresses that are nearly identical to the true URL apart from a few small, barely noticeable changes, to lure customers into clicking.

PayPal Account Suspension

Since many retailers use PayPal to conduct business, a suspended or restricted account might lead to a serious loss in revenue. Merchants, both low and high risk alike, need to take notice if they get an email warning that their PayPal accounts will be restricted because of unusual activity.

While most of these emails are scams, retailers can still naively follow the directions, such as entering usernames and passwords on a fake page or downloading, completing, and submitting an attachment, which unintentionally gives the cyber-criminal their login credentials and total access to their merchant PayPal account.

Phishers send legitimate-looking documents such as invoices and proposals as attachments within emails, and when the receiver opens the attachment, the document automatically installs malware. According to Symantec, 53% of the emails it examined were spam, and 1 in 131 emails were infected by malware in 2016.

Who’s Most Likely to Become a Victim of Phishing?

Phishing attacks continue to grow, simply because they work. Consumers and merchants have difficulty distinguishing fake communications from real ones, especially if they appear to come from a trusted source, like a friend or a supervisor.

With so much of our lives spent online nowadays, fraudsters have ample opportunities to utilize malware to hack businesses and capture sensitive data.

What businesses, merchant accounts, or individuals are prone to phishing attacks? It depends on who you ask. PhishLabs reported that the financial industry was the hardest-hit target in the second quarter of 2017, receiving 33 percent of malware threats, followed by web and online services (22 percent), payment services (16 percent), cloud storage/file hosting (10 percent), and e-commerce (7 percent). Financial organizations may be a bigger target because of the abundance of data and money available.

Merchant Services Companies

Fraudsters also target businesses that process credit card payments for retailers, and those who have merchant accounts, because they understand that compromised accounts are very likely to have funds available. Fraudsters send emails saying that a merchant’s credit card processing accounts were blocked because of unusual activity, laying the groundwork for workers to provide fraudsters with their credentials and complete access to reports.

The takeaway? Phishers are casting wide nets in the hope that the recipients who fall for their ploys will make it worthwhile. That means that every business, irrespective of size or industry, must protect itself against fraudsters.


So, how can merchants protect themselves and their customers?

Fraud efforts are getting more complex, so here are a few recommendations about how ecommerce merchants can protect their clients from becoming a victim:

  1. Create a Master List of Account Numbers: Compile all vendor account numbers into a single file. Before workers open any emailed invoice, compare the account number in the email to the master list. If they don’t match, delete the email.
  2. Examine the Sender’s Email: Even if the email seems like it’s coming from Renee Smith, employees have to hover their mouse over her name to confirm that it is coming from her email account. Fraudsters often slightly change names (such as from [email protected] to [email protected]) in an effort to sneak fraud past unsuspecting recipients.
  3. Watch the Tone: When the tone of the email appears unusually aggressive or sterile, don’t respond. Delete the email and move on.
  4. Teach workers: Some companies will phish specific workers, sending out emails that look as though they are from coworkers or outside collaborators and recording the names of the people who opened them. Take care to educate individuals who are duped by the fake phishing emails and explain the consequences of sharing sensitive information. Merchants may also offer employees training about what to look for in phishing emails and keep them up to date on evolving fraud methods.
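
The master-list and sender checks in this list, together with the near-identical addresses described under URL Modification, can be automated before a message reaches an employee. This Python code is an added example, not from the original article; the trusted domains, account numbers, sample message and function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed data for a hypothetical merchant; load the real lists from your own records.
TRUSTED_DOMAINS = {"paypal.com", "acme-supplies.example"}
MASTER_ACCOUNTS = {"4471-2290-18", "9003-5512-07"}
SWAPS = str.maketrans("0135", "oles")  # digit-for-letter swaps used in fake names

def skeleton(domain):
    # Comparison form: undo digit swaps and fold the "rn" that imitates "m".
    return domain.lower().translate(SWAPS).replace("rn", "m")

def edit_distance(a, b):
    # Levenshtein distance, computed one row at a time.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitates(domain):
    # Return the trusted domain that `domain` resembles, or None if trusted or unrelated.
    domain = domain.lower().rstrip(".")
    for good in sorted(TRUSTED_DOMAINS):
        close = skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 1
        if domain not in TRUSTED_DOMAINS and close:
            return good
    return None

def triage(raw_email):
    # Return the reasons not to act on an emailed invoice or account notice.
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = msg.get_payload()
    hosts = [sender] + re.findall(r"https?://([^/\s:]+)", body)
    reasons = [f"{h} imitates {imitates(h)}" for h in hosts if imitates(h)]
    for acct in re.findall(r"account(?: number)?:\s*([\d-]+)", body, re.I):
        if acct not in MASTER_ACCOUNTS:
            reasons.append(f"account {acct} is not on the master list")
    return reasons

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    'From: "Renee Smith" <renee@acrne-supplies.example>\n\n'
    "Pay at https://acme-supp1ies.example/pay\nAccount number: 4471-2290-81\n"
)
```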

Leveraging Technology to Ensure Security

For all the technology in the world, no single strategy can protect businesses and customers 100 percent against human error, and that is exactly why phishing attacks continue to be so successful. In this modern “gotta have it / do it now” world, fraudsters take advantage of people who don’t look carefully at the details, whether they are clients or workers.

While preventing malware attacks generally involves a healthy dose of common sense, that does not mean technology is not crucial for protecting your company against fraudsters. Shield the merchant accounts that you’ve worked so hard to build by using a strong fraud detection solution, which uses innovative artificial intelligence to complement exceptionally trained analysts. The final result is fewer false declines and chargebacks and more approved earnings.


June 21, 2023 | High Risk Merchant Account | Guest Post