This Friday (29 November) is Black Friday, a discount shopping event South Africans have happily embraced.
Last year, BankServAfrica reported that local shoppers spent nearly R3-billion in 4,8-million Back Friday sale transactions, and this year’s sale is expected to be even bigger.
With bargain hunters already flexing their clicking fingers to snap up bargains online, Fortinet warns that not all online offers are a good deal.
“Big events like Black Friday are a perfect opportunity for cyber criminals to flood inboxes with ‘special offers’ that don’t exist, leading shoppers to fake websites where they part with their banking details to fraudsters,” says Doros Hadjizenonos, regional sales director at Fortinet.
“Shoppers who fall for these phishing attacks will not only not receive the goods they ordered – they could also become victims of identity theft and have their bank accounts cleaned out by criminals.”
South Africa is not immune from phishing attacks: recently, Fortinet researchers studying phishing domains found that South Africa was among the top 20 countries targeted in a large influx of phishing attacks. In addition, 59% of all successful ransomware infections are also transported via phishing scams.
Last year, payment card fraud cost South Africans over R873-million, according to the SA Banking Risk Information Centre (Sabric), and many of the losses occurred in transactions where the card was not present – such as in online shopping.
Shoppers are particularly vulnerable to phishing attacks when they’re sifting through masses of special offer emails, or sitting up at midnight hoping to grab the best bargains.
To avoid being fleeced this Black Friday, Fortinet recommends:
* Don’t click through to websites from emails. Before clicking on a link, hover the mouse over it to check the URL. If it replaces letters with numbers, such as amaz0n.com don’t click on it. If you see a tempting deal, rather type in the known site URL and look for the deal yourself.
* Be sceptical. Unusually low prices and high availability of hard to find items are red flags for scam sites. There are some good deals out there, but be very cautious if a deal looks too good to be true.
* Phishing attacks can also be carried out through rogue mobile apps, which can also be used to mine for data or install ransomware. Be wary of unexpected invitations to install new apps on your mobile device.
* Stick to reputable online retailers. If a site looks unprofessional, has lot of popups, bad grammar, unclear descriptions and misspelled words, it may not be legitimate.
* Make sure your connection is secure. When you are about to make a purchase, look at the address bar of your browser and make sure that it starts with https:// rather than http://, or look for a small lock icon on your browser. These mean that your transaction is protected.
* Before shopping, check the payment mode. Avoid sites that require direct payments from your bank, wire transfers, or untraceable forms of payment.
* Use your credit card and not your debit card to make a purchase, as most credit cards have built-in fraud protection and are not directly connected to your savings account. Even better – use a credit card that has limited credit available: that way, there are limited funds available to be potentially stolen.
* Don’t fall for emails or phone calls apparently from your bank, asking you for personal information or card PIN numbers. If the communication sounds legitimate, call your bank back yourself.
* Subscribe to your bank’s SMS notification service to be alerted to every transaction.
* Make sure all your devices are updated and patched. Providers issue regular security updates designed to protect you from known threats.