With the biggest shopping period of the year about to kick off – starting with Black Friday (24 November) and Cyber Monday (27 November) – cyber security experts are warning shoppers to remain hyper-vigilant as cybercriminals are also gearing up to take advantage of this annual shopping frenzy.
This is according to Candice Toprek, underwriting lead: personal cyber at iTOO Special Risks, who says that consumers are not the only ones hoping to score big during this period. Scammers are employing increasingly sophisticated methods to take full advantage of unsuspecting online shoppers.
“While we are rapidly moving towards becoming a cashless society and there are an increasing number of platforms – whether online or within physical stores – that are designed to facilitate this transition, consumers must remain alert,” says Toprek.
“Transacting via digital payment methods, cards, e-wallets or other electronic payment systems is safer from the point of view that consumers do not have to carry around large amounts of cash. However, these payment systems bring other risks with them that people should be aware of.”
She notes that cyber security experts are already witnessing an increase in counterfeit e-commerce sites that pretend to be legitimate brands, with cyber security company Fortinet warning that “big events like Black Friday are a perfect opportunity for cyber criminals to flood inboxes with ‘special offers’ that don’t exist, leading shoppers to fake websites where shoppers happily disclose their bank details or personal information.”
Similarly, Kaspersky cautions that Black Friday will see more cybercriminals using botnets that distribute banking Trojans aimed at stealing users’ financial data, predominantly targeting online shopping customers. Considering that this year’s Black Friday event is expected to generate a whopping R26-billion in sales, up from R19 billion in 2022, it is little wonder that hackers will be pulling out all the stops to get their hands on a slice of this lucrative pie.
“What shoppers need to keep in mind is that even when there is no direct financial gain for hackers, personal user account information contains a host of valuable data, which is highly valued on the underground market and will inevitably yield a financial reward,” says Toprek.
“Often loyalty programmes are linked to your online account, so gaining access to your profile would also mean getting access to your bank account information. As many websites make use of the same third-party resources, attackers know they just need to compromise a single component to skim data from a huge pool of potential victims.”
Historically, the most popular spending categories amongst South African consumers on the Black Friday weekend are groceries and food, general shopping and clothing, followed closely by fuel, alcohol and furniture.
Toprek advises online shoppers to follow several basic rules to stay safe during the Black Friday weekend:
* Don’t save your card information. Retailers often ask if you want to store your card information on their site for faster checkout in the future. It’s a good idea to decline this option to reduce the chances of having your card information compromised in a retailer data breach,
* Never use free WiFi for online banking and shopping,
* Beware of phishing emails,
* Check your account regularly for any suspicious activity so you can take early action if your bank account has been accessed,
* If you receive an unexpected authentication message when you are not shopping online, block the transaction and immediately contact your bank,
* Never click on unknown links or open e-mail attachments from unknown sources,
* Beware of lookalike domains and always shop from authentic, reliable sources,
* Look for the lock symbol for SSL encryption that appears on HTTPS secure sites,
* Identify subtle clues like poor grammar or spelling errors that could indicate that the e-mail is from a fraudster,
* If a deal is too good to be true, it probably is,
* Phone to verify – phone the retailer or bank to confirm the offer, the bank details, and any other details before you make payment,
* Practice a strong password policy,
* Report threats (always) – if you do receive an email that is obviously a phishing attempt, don’t just ignore or delete it – report it to your mail provider, or your IT team if received on your work mailbox. When email threats go unreported it raises the risk level for everyone else.
“Black Friday may be the time to save a lot of money on discounted items but falling victim to cybercriminals could work out very pricey. Consumers must remain vigilant and exercise good judgment when it comes to spending their money. For every special on offer there are probably even more scams waiting to relieve you of your hard-earned money,” Toprek concludes.