
ETDA : e-Commerce Pocket Series

...

...

...

1 ETDA e-Commerce Pocket Series


SMEs/OTOP
ISBN 978-616-7318-95-0
2527


: 2557

()

33/4 B 21
10310
0-2123-1234 0-2123-1200
www.etda.or.th

..

e-Marketing

&








()
()
()
()
()
()
()
()
()
()

Creative Content






... 1 3
ETDA e-Commerce Pocket Series


(Standard)
(Security)

SMEs/OTOP

()

Contents
1 :
1.1
1.2
1.3 10
1.4 (WiFi)

8
10
13
18
21

2 :
2.1
2.2
2.3 Trustmark
2.4
2.5

28
30
39
46
50
54

3 : ...
3.1 S-Commerce
3.2
3.3

64
66
68
72

4 : ...
4.1
4.2 M-Commerce
4.3

78
80
83
94

5 :
5.1
5.2
5.3
5.4

98
100
105
107
110

ETDA

112

Contents


...

@ ETDA

01

1.1


...
10


18

18
1




World Wide Web WWW

(e-Mail)

Chat
SMS

11


...
12








2556






1.2


2557 ThaiCERT

ETDA ()
3
(Malicious Code) (Fraud)

(Intrusion)

Abusive Content (0.2%)
Availability (0.2%)
Fraud (26.4%)
Information Gathering (1.1%)
Intrusion Attempts (11.9%)
Intrusions (19.8%)
Malicious Code (40.1%)
Other

2557 ThaiCERT ETDA*

*
(ThaiCERT)
() . (ETDA)

13

...
14




(Fraud)

Phishing Web

Fraud

Username Password


(Information Gathering)


1

15

(Intrusion)
(Hacker)



...
16

(Virus)


(Spam Mail)


(Trojan Horse)




(Intrusion)


1
17

1.3
10

10

...
18

1.
Login

Login


2. Password
8

Login (e-Mail) (Chat)
Password
3.



4.
(Operating System)
Anti-Virus

( Internet Explorer, Google Chrome Mozilla
Firefox)

5.

6.

Pop-Up Domain

7.

Username Password Login

https://

https://

1
19

8.




(Phishing)
(Search Engine)

9.



(Webboard)

10.

...
20

10

1.4
(WiFi)
Free WiFi



1.
Access Point

WiFi
WiFi
WiFi

WiFi
WiFi


21

2.




(Chat)


3. Password

Password




...
22

1. 100%




2.

3.


( )

4.

(
Password
Username Password)

23

5. Password
Password


6. ( https://

) HTTPS Everywhere
Firefox Chrome ( https://www.eff.org/https-everywhere)

...
24

7. Anti-Virus

8. (Share File)


Windows
Share with-> Stop sharing

9. Windows
Control Panel System and Security
Windows Firewall

25

Firewall Windows

10.
WPA2

OPEN WEP

WPA2 Password

F24@bhn

...
26








Anti-Virus






27

24 ...
1,440 ...
86,400 ...

@ ThaiCERT, ETDA

02

2.1

...
30

(Social Network)




2

2,000

( 7,000 )




2,000

31


2556
18 19 e-Banking
1.8
()
(
2 )
()
e-Banking OTP (One Time
Password)
1.8
20



?
e-Banking ?

...
32

Social Engineering

www.thaicert.or.th
(Mat Honan)
Social
Engineering

Wired
10
Gizmodo


(Twitter)
Gizmodo (http://twitter.com/Gizmodo)


(Password)

33


...
34





Gmail

Gmail
Gmail
Google Mail
URL
Google
URL
URL
mn@me.com
me.com
Apple

Apple
4

Amazon



Amazon

Amazon

(Billing Address)


Amazon
Amazon Amazon


1

1 ()
Amazon

()

35

3 Social Engineering
Amazon


Amazon 4 ()
Apple
me.com me.com URL
Gmail Gmail

Gizmodo
1 2
1

Billing Address

()

Backup Email

2
Billing Address

()
Backup Email

...
36

1 Amazon

- Billing Address
4
Reset Password
(Apple ID me.com)
- me.com
- Reset Password
Gmail
- Gmail URL
Reset
me.com

- Reset Password
Twitter
- Twitter URL
Reset Gmail

2
Gmail me.com


Gmail
Remote Wipe iCloud



Amazon

( )

Apple 4
Social Engineering
Amazon Apple

37







500

...
38

2.2

39

1.


Trustmark

2.

...
40



(Search Engine) Google

www.trustmarkthai.com

3.

4.





www.checkprice.net

www.checkprice.net

41

5.




Secure
Sockets Layer (SSL)
(Public Key Infrastructure)


https: http:
(
URL)

MyBank.com

a real bank

https

...
42

6.

6

14

1.

2.

3.

4.

5.

6. -

Google

7.
.com http://dawhois.com
.th http://thnic.co.th/whois
6
( )

43

http://dawhois.com .com

http://thnic.co.th/whois .th

...
44

8. e-Marketplace
e-Marketplace

9.


10.

11.
()

12. 02


13.

14.

2
45

2.3 Trustmark

...
46

Trustmark

Trustmark






DBD Registered


() .


Smile Mark
Smile Mark
ETDA
3
(Security) (Privacy)
(Reliability)

ETDA

47

Reliability Seal Program

buySAFE Seal

TRUSTe

Verisign

SSL

Paymate Trustmark

Thawte

SSL

SOSA

e-Trust Mark

TrustSg

CaseTrust

TradeSafe

AMIPCI

Trustmark



(Online Complain)
ETDA

2
49

2.4

...
50




www.paypal.com www.paysbuy.com


www.paypal.com www.paysbuy.com



www.paysbuy.com
Paysbuy Paysbuy

1.

2.

3.
4.

5.

www.paysbuy.com

PAYSBUY

51

www.paypal.com
Paypal
PayPal Login
Continue Payment
Details
Continue

...
52

www.paypal.com




https:



1.

2.

3.

4.

53

2.5



Internet Banking


4

1.

...
54

Secure Sockets Layer SSL









SSL


SSL

SSL
(Digital Certificate) SSL Certificate

SSL Certificate

Microsoft Internet Explorer URL


Address SSL Certificate
Mozilla Firefox URL Address

Google Chrome https:
URL Address

https:

2.

2
55

3. (Phishing)


Password

o





15

...
56

( URL URL )

o

Phishing
Password


( www.it24hrs.com)

o

ATM

Phishing

57

Phishing
1)

Call Center

2) URL

3)
ATM
1

4) Password


2


Password

...
58

o Password
Password
1234, 5555, 9999, password, asdf
ABCD
Password Password

Password


Password
Password

o
8

Password
ED9ts377!, t!2!m!o!h!i!t!o!0292,2S00N2btrue!!
o Password

o Password 30-45
o
Password
o Password
Password

o Password







ATM Skimmer
Skimmer

59

Skimmer
ATM
ATM ATM Skimming
2 ATM


ATM


ATM
Skimmer
Skimmer
ATM
1 2

...
60

1

( Commonwealth Bank)

2
ATM

( Commonwealth Bank)

ATM




ATM 4
5

3
( Krebsonsecurity)

4
ATM ( Commonwealth Bank)

5
ATM ( Debt Relief)

61

ATM

Skimmer
( 24 )
ATM
o
o
o ATM

o ATM

o ATM

o ATM

o ATM
ATM
o
Call Center
o ATM
Call Center
ATM

...
62

ATM
ATM

63

Social Ubiquity

@ ETDA

...

03

3.1
S-Commerce


Social Network Social
Network

(Social Ubiquity)
2556 ETDA
93.8*

6.2%

93.8%

...
66


*
.. 2556
() .




iOS Android



Social Commerce S-Commerce






Social
Commerce
Social Commerce


Social Commerce Mark Zuckerberg
Facebook
Social
Commerce

3.2

Social Network
Social Network

Social Network
Social Network
Social Network

...
68

Social Network


Social Network

3 ...




Social
Network

69

Social Commerce

Social Network


...
70

Social Network


Social
Network









Social Network







Social Network

3 ...

Social Network


Social Network 2

o


Social Network


Social Network
o
Social Network
Social Network (Phishing Web)



71

3.3

...
72

3 ...





URL

URL
Password
www.facebook.com URL www.faeebook.com


Do Not Track

Do Not Track
Internet Explorer 10



73




Facebook Twitter

Windows Live Family Safety

...
74

URL



Do Not Track


3 ...

75


...
76

(Search Engine)
www.google.com




Prepaid






e-Marketplace
www.ebay.com
www.tarad.com

3 ...

77

...

...

24 @ ETDA

...

04

4.1

...
80

* ETDA
57
25


*
.. 2557
() .

5 5
5

6.6
6.6

6.6




42 42
42

11 11


11

77.1% 69.4% 49.5%


6.6 6.2 5.3

31.1% 8.4%
4.8 3.4

2557

12
12

/
/
(08.01
(08.01- 16.00
- 16.00
.) .)

12

(08.01
16.00
.)

40 40

40

4 ...

43

43
43






Smartphone Tablet

81


3 SMS (Short Messages Services)
WAP (Wireless
Application Protocol)








(Mobile Banking)
(Mobile Commerce)
- (Mobile Marketing and Advertising)
(Mobile Ticketing)
(Mobile Vouchers, Coupons and Loyalty
Cards)
Digital Content (Content Purchase
and Delivery)
(Location Based Services, Information
Based Services)
(Mobile Purchases)

...
82

Smartphone
Tablet

4.2
M-Commerce




4 ...
83

1.
(Application-Based Threats)

...
84

o (Malware)



o (Spyware)




4 ...


Repackaging




Repackaging

2011 Android
Repackaging

85

[Figure (source: Lookout): Repackaging on Android. A legitimate developer creates a game called Monkey Jump and uploads it to Android Market. A malicious developer takes the legitimate game, repackages it with malware, and uploads it to a 3rd party app store. The end user downloads the game with malware. The malicious developer can control the phone remotely and access the user's private information: send location, send contact info, send and read SMS messages, place phone calls, silently download files, launch web browser, and more.]

...
86


iOS
App Store Android
Google Wallet



2.
(Web-Based Threats)

4 ...

87

Flash Player PDF Reader





(Phishing)










Password



(e-Transaction)

...
88

ThaiCERT
www.thaicert.or.th
Android

downloads.applications.customersecurity.user-3729.com
1
2

1 DNS Lookup Whois


4 ...

89


(OTP - One Time
Password)
(Permission)
SMS 3

3 (Permission)

...
90


SMS
(+79255419513)
funnygnommi.com

SMS

4 ...

ThaiCERT
Google Play Store
Google Play Store

Google Play Store

o Developer
Developer
: Krung Thai Bank PCL.
: Bangkok Bank PCL
: Siam Commercial Bank PCL.
: Bank of Ayudhya Public Company
Limited
: 2Fellows Network and Design co.,ltd
Thanachart Bank Plc.
o

o (Permission)
SMS

91

3. (Network Threats)







(WiFi) (Bluetooth)
(WiFi Sniffing)


Sniffer
Firesheep
Firefox
HTTPS

Cookie
Cookie

Clients Return Cookie to Servers by Adding Fields to HTTP Request Headers

...
92

Client

HTTP Response Headers Contain Cookie Data Destined to be Stored on Client

Server

Cookie

Firesheep

4. (Physical
Threats)

4 ...

93

4.3

...
94

4 ...

1. :
App Store Google Wallet



2. :





3. : Anti-Virus

4. :

(One Time Password : OTP)
OTP


5. () :

6. :

95

7. :

8. :


9. WiFi : WiFi
Bluetooth

10. :

...
96

4 ...

97

@ ETDA

05

5.1

...
100

1.

(Operating System)










Windows
Windows Update
Microsoft
Windows Update
www.update.microsoft.com
Windows Update

www.update.microsoft.com Windows Update

101


...
102

2.


3.






Password



Password



4. Anti-Virus




Anti-Virus (Threat)


Anti-Virus

5.



Microsoft
Windows

Windows
Microsoft

Windows

6.
(Open Source Software)


(Source Code)

(License)


(Closed Source Software)

103


...
104

Microsoft Windows Microsoft




Windows Defender




Windows Update

Windows

5.2

1. Anti-Virus Internet
Security

2.



Baidu PC Faster

Baidu PC Faster





AVG, AVIRA, avast, PC Tools AntiVirus Free,
Microsoft Security Essentials, ThreatFire Antivirus Free Edition, Emisoft
Anti-Malware, Panda Cloud Antivirus Free, Multi Virus Cleaner

105




Cloud Scan

Baidu PC Faster

Baidu PC Faster
Glary Utilities,
TuneUp Utilities, Advanced System Optimizer, SystemSuite
Baidu PC Faster

...
106

5.3 ...




1.

2.

3.

4.

107

...
108



343 ...
.. 2550 14(1)
343 341




342

... .. 2550
14
(1)



(1)

(2)

(3)

IP Address ISP
ISP IP Address

(4)

(5)







(.)

109

(1) http://complain.ocpb.go.th


(2) .

http://complain.ocpb.go.th (.)

...
110

5.4

https://www.thaicert. . 0-2123-1212
1212
or.th
office@
()
thaicert.or.th,

report@thaicert.or.th

http://www.etda.or.th . 1212

occ@etda.or.th



http://www.1213.or.th . 1213

fcc@bot.or.th

http://www.
. 0-2205-2627
hightechcrime.org/ team@

hightechcrime.org

http://www.ocpb.go.th . 1166
consumer@

ocpb.go.th

ETDA
.


e-Commerce

ETDA
()

SMART THAILAND

SECURE e TRANSACTIONS

ETDA
?

Secure e transactions : Opportunities for Thailand

()

33/4 B 21
10310 0-2123-1234 0-2123-1200
. www.etda.or.th




...

()

33/4 B 21
10310
0-2123-1234 0-2123-1200
. www.etda.or.th
www.mict.go.th
