How to Prevent the Top 3 Ecommerce Attacks


Last night I received a call from a friend telling me about his online store and the tragic story that he was receiving fake negative reviews and something named Hijacked Listings.

What?  Yes, apparently some competitors decided to use some unethical practices. It happens everywhere; Google, eBay, online stores, Amazon, Walmart, etc.  

Long story short, my friend’s listing was closed, he was devastated and I decided to do a Full Stack Audit for his brand and write this article.

Types of attacks

In this sense just one negative review is not an attack. That is normal and everyone has at least one. But when you are having systematic or constant negative reviews, it is time to check if you are having a Negative Fake Review attack.

1. Fake reviews 

From both sides, customers’ and vendors’ fake reviews debilitate the marketplace and ecommerce.

In general, we can find 3 types of fake reviews:

  1. Vendor buying fake reviews, for bots or people
  2. Vendor receiving negative fake reviews by a competitor, or
  3. Customers criticizing or rewarding products they haven’t even bought.

Considering the statistics from Bright Local, 87% of consumers read online reviews. Here lies the importance of preventing or recognizing fake reviews.

How to prevent and recognize fake reviews?

  •       As a customer:

-It is a good practice to review the product on different platforms.

-Read different reviews and consider other responses by the business

-Never trust an unverified account

-Get help from review sites or apps, such as Yelp or BBB

  • As a vendor 

Track your reviews and use technology too. For example, or SEMrush.

-You should always answer the negative review, trying to resolve the problem in a courteous way.  Do NOT ignore the content.

-Apparently in Amazon the fake reviews have been increasing because a lot of investigation is needed to resolve it. If you are having this problem with Amazon, report it as abuse in Amazon and even on other platforms.

A defamatory review could end a small business. LawShucks explains when you can sue and when is not the answer.

2. Sabotaging 

  • Online Sabotage means to deliberately damage an online business’ reputation.
  • The damage could be made from spam or bots doing fake negative reviews on the product, the service or even negative SEO ( Search Engine Optimization) practices or negative Influencer practices.  All of these are UNETHICAL techniques. Sabotage damages the industry, and you should avoid these techniques and report them.

  • To prevent sabotage, you need to be constantly monitoring your website, ads, social media and other platforms where your products are listed like Facebook or Google Shopping.

  •  Look for inconsistent or systematic behaviors. For example, if out of the blue, you are getting more clicks in an ad campaign without sales, you are probably the victim of a click attack campaign. You can prevent them by using technology, from captcha, honeypot, JavaScript, and others.

  • Perform periodic self-audits to your site. There are multiple tracking tools, such as Ubersuggest. 

  • With these you can find who is talking about you and clicking to your website. If you see some malicious behavior, you could submit a disavow file to google.


3. Hijacking


Referring to the definition above in E-commerce “something” is your webpage, listing on amazon, Walmart or any other place; you name it.

The most common types of hijackers are the traffic hijacking, cookies or session hijacked, and hijacked listings.


Traffic hijacking


This attack goes directly to vendors, attacking their webpage and redirecting the traffic to another site. In other words, the hacker stole your visitors. All the work that you put in gaining all those visits, somebody else is going to use.


To prevent traffic hijacking, you need to track your webpage constantly. For example, how is your page working? Are you getting an external pop-up? Listen to your customer complaints – they will inform you if something is not working properly. Do not ignore them! Check for inconsistencies; if one day you are ranking high and the other your traffic drops or simply your webpage disappears then it is a sign of “Alarm alert!”


          Technology is your best ally, from apps helping you detect malware to techniques like https encryption. You could check security companies like Cloudflare, Incapsula, or Fastly.


          If you are a customer inform any kind of malfunction that you find on your favorites web pages and never click on any link in a pop up, email or social media that looks suspicious, that will help you to prevent:


Cookies or session hijacked


This attack goes directly to customers. The hacker stole your session ID by tricking you into clicking a malicious link that steals your cookie session.  In other words, they can now enter an active session. Although they do not have your password, they stole your cookie, so they are able to use your session in the bank, store etc. That is why banks log you out after a time.

You don’t have to be scared of cookies now, but there are simple steps to prevent this from happening to you.


To prevent session hijacking


          Do not follow suspicious links on emails or social media. Go directly to the bank webpage or store.


          Do not log in on public wi-fi, and if you have to, connect in verified networks like a coffee shop where you need to check the terms of service… and do it, check the terms. If you need to download software to use it, turn around and walk away!


          If you are a traveler, you definitely need to think about a VPN (virtual private network), but if you just use the internet from home, change your configuration to private.


          Invest in antivirus and antimalware and maintain the software up-to-date.


Hijacked listings


Apparently with the pandemic hijacking is getting worse at Amazon.

There are a bunch of theories of who is involved and how they are doing this. In the meantime, people are being damaged and businesses are out of the game.

Some dishonest sellers take control of your listing and they publish it again with all the prohibited words or products on Amazon. Then Amazon triggers a “policy violation” and your listing is closed.

If you were already hijacked and your listing was suspended, I don’t have good news. The only thing to do is to file a complaint with Amazon thru seller central, or seller support. Tech support won’t be able to reinstate your listing.

Get all the evidence possible and submit an appeal.


To prevent a hijacked listing


          Again, you need to track your listing constantly, eliminate any prohibited words and report problems immediately.


          Get approved from Amazon Brand Registry. In this way you submit your product details and your products are cataloged as Amazon brand.


Call of action


Although there are multiple attacks outside, you definitely shouldn’t be scared and go out of the internet. You just need to prevent and remember: 


          If you are a vendor you need to track your webpage, store or account constantly. Although these attacks are not your fault, your webpage and customer are your responsibility.

          Look for inconsistencies.

          Do not ignore comments or reviews.

          Try to migrate to technologies like Blockchain.

          As a vendor or a customer, invest in security.