Thanksgiving sales have become a big hit online. Customers get to see multiple brands and browse amazing offers just by clicking a few buttons. Most importantly, there is no more standing in queues and hopping between stores. For businesses too, online Thanksgiving sales have opened a new set of opportunities.
For website/app owners, this ease of running sales online comes with a responsibility too. It is important to ensure that your end customers do not get hacked, as they trust you with their credit card information, address, phone details etc.
Top 5 Ways Hackers Can Hack Your Website/App This Black Friday:
- Known Vulnerabilities: A website owner's neglect is a hacker's biggest asset. If you are using a CMS like WordPress, OpenCart, Magento, Joomla, Drupal etc., then you need to make sure you are using its latest version. These CMSs have known vulnerabilities which hackers often exploit.
A couple of years ago, the Shoplift vulnerability was found in Magento stores. This vulnerability allowed hackers to remotely create an admin user in every Magento store. Even after Magento released an advisory and a patch, thousands of stores failed to install the patch and remained vulnerable. It is also advisable to verify the extensions you use, as hackers often exploit vulnerabilities in loosely coded extensions.
- Choking Your Resources: A classic Denial of Service (DoS) attack. Hackers have a network of hacked servers and computers at their disposal. They use this army of bots to send a huge amount of traffic to your website/app. This puts so much stress on your servers that legitimate customers get blocked out of the website. The key is to make sure you use a CDN and ensure that all ports not in use are closed. Having a firewall goes a long way.
- Creating Fake Pages: You need to be extra careful with the areas where you give users the ability to fill in forms and create pages on your website. These are the areas from where hackers can either:
- Insert malicious links in your website:
- Click Links in Incognito: This is the trick hackers use most to lure you into clicking a malicious link sent by them. Once you or a team member who has access to your website clicks this link, they get compromised and hackers can take over your website too. It is recommended that links coming from outside sources are first opened in incognito or in a sandboxed environment.
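For the advice above about closing ports that are not in use, here is one way to check a server before the sale. This is an added example, not code from the original article: the `ss -tlnH` output is a constructed sample and the allowlist of ports 80 and 443 is an assumption to replace with your own.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, numeric, no header).
SAMPLE_SS = """\
LISTEN 0 511    0.0.0.0:80        0.0.0.0:*
LISTEN 0 511    0.0.0.0:443       0.0.0.0:*
LISTEN 0 128    0.0.0.0:22        0.0.0.0:*
LISTEN 0 151    127.0.0.1:3306    0.0.0.0:*
LISTEN 0 511    0.0.0.0:6379      0.0.0.0:*
LISTEN 0 4096   [::]:8080         [::]:*
LISTEN 0 128    [::1]:5432        [::]:*
LISTEN 0 4096   *:9100            *:*
"""

# Assumption: the only ports this shop intends to expose. Adjust to your own services.
ALLOWED_PUBLIC_PORTS = {80, 443}


def parse_listener(line):
    """Return (address, port) from one `ss -tlnH` line, or None if it is not a listener."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")    # rpartition keeps IPv6 colons in addr
    addr = addr.split("%")[0].strip("[]")         # drop %interface suffix and brackets
    return addr, int(port)


def is_loopback(addr):
    """True when the socket is bound to loopback only, so it is not reachable remotely."""
    if addr == "*":                               # wildcard: every interface
        return False
    return ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, allowed=ALLOWED_PUBLIC_PORTS):
    """Sorted ports listening on a non-loopback address that are not on the allowlist."""
    flagged = set()
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and not is_loopback(parsed[0]) and parsed[1] not in allowed:
            flagged.add(parsed[1])
    return sorted(flagged)


if __name__ == "__main__":
    for port in unexpected_listeners(SAMPLE_SS):
        print(f"port {port} is reachable but not on the allowlist: close it or firewall it")
```

On a real server, feed the function the output of `ss -tlnH` instead of the sample. A flagged port may still be blocked by an upstream firewall, so treat the result as a list of services to review.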
It is highly recommended to get your website hacked before hackers do! What I mean is, get a security audit done for your website, where ethical hackers try to find all the vulnerabilities in your website before malicious hackers do. This way you get enough time to fix them before the bad guys come looking for them.