On June 12th, a Singapore-based e-commerce store running on the Shopify platform was hacked, with an estimated loss of $24,000 SGD. The florist, Ms Wendy Han, found that the payout bank account on her Shopify store had been changed to the hacker's bank account.
As much as system vulnerabilities can be abused, 80% of such attacks come through human error. In this case, the attack could have come through either of two attack vectors: phishing or brute force.
Firstly, phishing. Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. In the case above, the victim might have received a spoofed email from the attacker asking her to change her password.
Always check the digital signature of the email you receive, and inspect the link before clicking through to the site. As best practice, we always encourage the use of two-factor authentication to defeat such attempts.
Secondly, brute forcing. Brute forcing is basically running through a dictionary of candidate passwords that the attacker has compiled on his computer until the right one is found. In the case above, the victim might have been using an easy password, which helped the attacker crack it.
Easy passwords such as “Ilovemy[pet]”, “LetMeIn”, “StarWars” etc. should never be used, as a dictionary will easily identify them and let the attacker gain entry into your digital assets. One should always use a strong password, e.g. by adding Singlish to your password, like “V3ryShl0k!%^”.
This actually limits our attackers to Malaysians and Singaporeans only, as only these two countries understand the usage of Manglish and Singlish respectively (pun intended).
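To make the dictionary point concrete, here is an added example (not from the original post, and not Shopify's code) of a defender-side password check: it strips the suffixes and leet-speak substitutions that cracking wordlists already try, and rejects a candidate if what is left is a known weak password. The wordlist and the candidate passwords are constructed for the demo.

```python
import re

# Constructed wordlist: the weak examples named above plus a few common entries.
# A real deployment would load a large breached-password list instead.
WEAK_WORDLIST = {"ilovemydog", "ilovemycat", "letmein", "starwars", "password", "qwerty"}

# Common "leet" substitutions that cracking tools already try, so they add no strength.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(password: str) -> str:
    """Collapse a password to the base word a dictionary attack would derive it from."""
    # Drop leading/trailing digits and symbols ("123", "!", "2020"), then undo leet-speak.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return core.translate(LEET).lower()


def is_dictionary_password(password: str, wordlist=WEAK_WORDLIST) -> bool:
    """True if the password is just a wordlist entry dressed up with suffixes or leet-speak."""
    return normalize(password) in wordlist


def check_password(password: str, wordlist=WEAK_WORDLIST):
    """Return (accepted, reason) for a candidate password; length and wordlist come first."""
    if len(password) < 12:
        return False, "shorter than 12 characters"
    if is_dictionary_password(password, wordlist):
        return False, "reduces to a wordlist entry after normalisation"
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        return False, "uses fewer than three character classes"
    return True, "accepted"


if __name__ == "__main__":
    # "St4rW4rs123!" satisfies naive complexity rules but is still "starwars" to a wordlist.
    for candidate in ("StarWars", "St4rW4rs123!", "V3ryShl0k!%^"):
        print(candidate, check_password(candidate))
```

Note that “St4rW4rs123!” passes a length-and-character-class rule yet is rejected, which is exactly why complexity rules alone do not stop a dictionary attack.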
Therefore, we at CAD hope that this blog helps our readers stay safe and keep their own digital assets well protected.