While SA consumers are generally alert to common cyber scams such as fake e-commerce sites, there are many other ways cybercriminals could compromise consumers’ digital security and financial well-being.
This is the warning from committee members of the cybersecurity special interest group (SIGCyber) of the Institute of Information Technology Professionals South Africa (IITPSA), who note that alongside the joy and merriment of the festive season, danger lurks in the online space.
SIGCyber chair and Professor at the Centre for Research in Information and Cyber Security (CRICS) at Nelson Mandela University, Professor Kerry-Lynn Thomson, says: “While the festive season is a time of celebration and family gatherings, it is also a time for increased activity from social engineers and cybercriminals. Social engineering attacks during the festive season often take advantage of increased online activity and shopping to manipulate individuals into taking actions or divulging sensitive information, typically for malicious purposes.”
SIGCyber vice-chair Dr Mafuwafuwane adds: “While retailers and cybersecurity professionals are constantly working on ways to protect shoppers and close down cybercriminals and scammers, it’s more like a game of cat and mouse which never ends. Cybercriminals and scammers work year-round, but they do tend to turn up their efforts during the high-spending holiday season to capitalise on the mood of innocent consumers. Scams come in all forms and sizes, but they always come with red flags that can help you spot them.”
Professor Lynn Futcher, SIGCyber Committee member and Professor at the Centre for Research in Information and Cyber Security (CRICS) at Nelson Mandela University, says: “Some recent experiences have unveiled disturbing trends in cybersecurity threats.”
They highlight a number of threats to unwary consumers:
Fake services
Prof Futcher says one of the most misleading threats comes in the form of fake online service sites. “These deceptive platforms masquerade as legitimate services luring users into monthly subscriptions that quietly tap funds from accounts, often in small amounts that one would not typically notice. Such threats can be mitigated through practicing vigilance and scrutiny by regularly reviewing one’s bank and credit card statements for any unauthorised or suspicious transactions – and reporting any such discrepancies immediately to your bank,” she says.
Fake e-visa sites
Another danger lies in counterfeit e-visa websites, craftily designed to mimic official government platforms, SIGCyber warns. “These websites offer e-visas for travel to various countries, but in reality they are after one’s sensitive personal data and funds,” says Prof Futcher. “If in doubt, consult your travel agent for advice BEFORE using any e-visa services.”
Fake holiday listings
For those who plan to travel this festive season, the SIGCyber notes that even trusted platforms like Booking.com and Airbnb are not immune to cybercriminals. “Scammers create fake listings, leaving unsuspecting travellers stranded with no accommodation upon arrival. To mitigate this, it’s essential to exercise extreme caution, verify the legitimacy of platforms, and rely on trusted sources for reviews,” Prof Futcher says.
Fake shipping notices
Prof. Thomson says cybercriminals could also trick consumers by sending fake shipping notifications claiming that a package is on its way. “These messages may contain malicious links or attachments and the goal is to trick individuals into clicking on them, potentially leading to the download of malware,” she says.
Fake charities
Cybercriminals may also go so far as to create fake charity websites or send emails pretending to represent legitimate charities. Prof Thomson says: “They can exploit an individual’s generosity during the festive season to trick them into making donations that end up in the wrong hands.”
Fake promos
Prof Thomson warns that the festive season is also the time when many fake promotions or giveaways are created to lure individuals into providing personal information. “These schemes often promise attractive prizes or discounts, which exploit the individual’s desire for festive deals,” she says.
Staying safe
Prof Thomson says: “To avoid becoming a victim of cybercrime over the festive season it is really important for individuals to exercise caution when receiving unsolicited emails or messages – and to verify the legitimacy of the source before taking any action. The identity of individuals or organisations should be verified, especially if they are asking for personal or financial information. And when making donations or purchases, individuals must use official websites and verified payment methods to ensure security. By staying vigilant and adopting a cautious approach to online interactions, individuals can reduce the risk of falling victim to social engineering attacks during the festive season and in the future.”