Sep 10, 2018 - Note that a storm only needs 20-30 kJ/cm-2 ocean heat content (OHC) units to be maintained. Given these very favorable. Icon for Programs.
(Analysis by Peled Eldan and Lena Frid) We all shop online. How many times, just before placing an online order, have you noticed the Coupon Code option and wondered – Could I get it cheaper if I had a coupon code? Most of us will drop the order to go and look for an available coupon code.
Some will skip this thought and continue with the purchase, feeling a bit gullible. A hacker, on the other hand, will probably have other ideas in mind. Coupons have been used for over a decade by online retailers as a powerful advertising tool. As eCommerce rapidly expands, so does the number of online coupon codes offered to customers to attract their attention and replace the old printed ones.
Today we can no longer ignore it; coupons have become an integral part of eCommerce. 90% of consumers use coupons, finding them from a variety of online and offline sources. Despite this most online retailers take the security aspect of the coupon code mechanism for granted, keeping it too simple to abuse. And as long as easy money is up for grabs - hackers will be there to collect it. In this post, we summarize why coupon codes are an easy target for hackers, what techniques hackers might apply to abuse the coupon code mechanism, and finally, what coupon code management policies should eCommerce retailers implement to stay protected. Getting Coupon Codes While online retailers manage a wide range of coupon codes (personal/public/targeted/short and long term, and so on), there are many places where hackers, as well as other consumers, can put their hands on the desired coupons: • On the online retailer’s site – online retailers publish their own coupon codes, possibly for SEO purposes.
For example, • Mailing lists – online retailers use this as a popular marketing technique • Social media: Twitter, Instagram, Facebook, etc. • Coupon code sites and Browser add-ons – dedicated websites (such as joinhoney.com, couponfollow.com, and coupons.com) that collect offers, either public ones provided by online retailers, or personal ones supplied by individuals, and gather them all 'under one roof.' As you can see, there are plenty of sources where consumers are exposed to coupon codes. These sources are legitimate and do a good job persuading consumers that deals are worthwhile.
A typical consumer, exposed to all these data sources, will be satisfied with the variety of discount opportunities and redeem the desired coupon for personal use. A hacker, however, will search for a way to benefit from all this easily accessible data. Coupon Code Hacking Techniques You will probably ask yourself, why do hackers need coupons? Will they go e-shopping with them? Or will they try to get them just because they can?
A basic assumption is that hackers do not have much interest in minor discounts, as provided by newsletters/free shipping codes and so on. They will try to use the available information and resources to escalate to the 'next level' and reveal some major discounts. Once they get what they are looking for, they can use it as barter on the black market. Here are several standard techniques that are used to hack coupon code mechanisms: • A hacker can brute force the coupon code field value by trying all combinations of alphanumeric values of a certain length (usually 4 to 10 characters). Easier said than done, this technique is possible but strongly depends on the hacker’s available processing power.
Guessing a 10-character long string can be a time-consuming task. • A much more efficient technique would be to use all available data to create a list of coupon code phrases, eventually defining a dictionary to brute force with: This could be a general dictionary that contains the most common coupon code patterns. For example, by retailers are: With a few intuitive assumptions, a hacker can easily build a nice dictionary out of these, including some obvious patterns such as 'SaveXX', or 'extraXX'. It’s worth mentioning that usually, coupon codes phrases are case insensitive. For example, 'SAVE25' and 'save25' are typically interpreted as the same coupon code, making it easier to guess. Another option is to compile a custom dictionary, targeting a specific website, based on common patterns that were previously disclosed by the retailer. Here is a real-life scenario: After analyzing the most popular public coupon codes online, we identified a recurring pattern of '10% OFF'.