This research analyses the security of e-commerce platforms in Indonesia against the risk of phishing attacks using the social-engineer toolkit (SET) application. Of the 31 platforms tested, it was found that 22 platforms have a low-security level because they can be easily replicated to carry out phishing attacks. In contrast, 9 platforms showed a high level of security, as they implemented the step-wise authentication and embedded login methods, which proved effective in protecting the platform from phishing attacks. The effectiveness rate of the SET application in conducting tests was recorded at 70.9%; the percentage is included in the high category. This research also identified that most low-security platforms still use the single-page login method or a special URL for login, making them very vulnerable to phishing attacks. The action research method was used as the research framework, involving five stages: diagnosis, planning, action, evaluation, and learning. The results of this study provide important guidance for platform owners to improve security mechanisms, how to build a login page to avoid the risk of misuse by cybercrime actors to conduct phishing attacks, and for users as a reference to choose a more secure e-commerce platform.