While South African consumers are generally alert to common cyber scams such as fake e-commerce sites, there are many other ways cybercriminals could compromise consumers’ digital security and financial well-being.

This is the warning from committee members of the cyber security special interest group (SIGCyber) of the Institute of Information Technology Professionals South Africa (IITPSA), who note that alongside the joy and merriment of the festive season, danger lurks in the online space.

SIGCyber chair and Professor at the Centre for Research in Information and Cyber Security (CRICS) at Nelson Mandela University, Professor Kerry-Lynn Thomson, says: “While the festive season is a time of celebration and family gatherings, it is also a time for increased activity from social engineers and cybercriminals. Social engineering attacks during the festive season often take advantage of increased online activity and shopping to manipulate individuals into taking actions or divulging sensitive information, typically for malicious purposes.”

SIGCyber vice-chair Doctor Mafuwafuwane notes: “While retailers and cybersecurity professionals are constantly working on ways to protect shoppers and close down cybercriminals and scammers, it’s more like the game of cat and mouse, which never ends. Cybercriminals and scammers work year-round, but they do tend to turn up their efforts during the high-spending holiday season to capitalise on the mood of innocent consumers. Scams come in all forms and sizes, but they always come with red flags that can help you spot them.”

Professor Lynn Futcher, SIGCyber committee member and Professor at the Centre for Research in Information and Cyber Security (CRICS) at Nelson Mandela University, says: “Some recent experiences have unveiled disturbing trends in cybersecurity threats.”

They highlight a number of threats to unwary consumers:

Fake services

Prof Futcher says one of the most misleading threats comes in the form of fake online service sites. “These deceptive platforms masquerade as legitimate services, luring users into monthly subscriptions that quietly tap funds from accounts, often in small amounts that one would not typically notice.

“Such threats can be mitigated through practising vigilance and scrutiny, by regularly reviewing one’s bank and credit card statements for any unauthorised or suspicious transactions, and reporting any such discrepancies immediately to your bank,” she says.

Fake e-visa sites

Another danger lies in counterfeit e-visa websites, craftily designed to mimic official government platforms, they warn.

Prof Futcher says: “These websites offer e-visas for travel to various countries, but in reality, they are after one’s sensitive personal data and funds. If in doubt, consult your travel agent for advice BEFORE using any e-visa services.”

Fake holiday listings

For those who plan to travel this festive season, SIGCyber notes that even trusted platforms like Booking.com and Airbnb are not immune to cybercriminals.

“Scammers create fake listings, leaving unsuspecting travellers stranded with no accommodation upon arrival. To mitigate this, it’s essential to exercise extreme caution, verify the legitimacy of platforms, and rely on trusted sources for reviews,” Prof Futcher says.

Fake shipping notices

Prof Thomson says cybercriminals could also trick consumers by sending fake shipping notifications, claiming that a package is on its way.

“These messages may contain malicious links or attachments, and the goal is to trick individuals into clicking on them, potentially leading to the download of malware,” she says.

Fake charities

Cybercriminals may also go so far as to create fake charity websites or send emails pretending to represent legitimate charities. Prof Thomson says: “They can exploit an individual’s generosity during the festive season to trick them into making donations that end up in the wrong hands.”

Fake promos

Prof Thomson warns that the festive season is also the time when many fake promotions or giveaways are created to lure individuals into providing personal information. “These schemes often promise attractive prizes or discounts, which exploit the individual’s desire for festive deals,” she says.

Staying safe

Prof Thomson says: “To avoid becoming a victim of cybercrime over the festive season, it is really important for individuals to exercise caution when receiving unsolicited emails or messages, and to verify the legitimacy of the source before taking any action. The identity of individuals or organisations should be verified, especially if they are asking for personal or financial information.

“And when making donations or purchases, individuals must use official websites and verified payment methods to ensure security. By staying vigilant and adopting a cautious approach to online interactions, individuals can reduce the risk of falling victim to social engineering attacks during the festive season and in the future.”

Mafuwafuwane offers the following advice for a safer festive season online:

Here’s what you need to know about festive season scams and how to avoid becoming a victim.

Do not save your credit card information on retail sites.

If possible, use a third-party payment method like Apple Pay, Google or PayPal to pay online.

Disable international purchases on all credit cards.

Only make purchases over trusted Wi-Fi, such as a vulnerability-free home Wi-Fi or a cellular network, never on a public Wi-Fi where your payment could be intercepted.

Fake websites and fraudulent apps are linked to phishing. Pretending to be a trusted retailer, the cybercriminal sends an official-looking email or text message, usually with a link to a fraudulent website designed to look just like a legitimate, trusted retail site. The intent is for hackers to get their hands on your data, like your credit card number, identity number (ID) or website username and password.

Here are some ways to recognise a phishing email:

The sender’s email address looks almost right but contains extra characters or misspellings.

The message warns that you must take rapid action and asks you to click a link and enter personal details.

Creating safer spaces for consumers

SIGCyber committee member, Bryan Baxter, says the festive season is likely to increase cyber security risks for all organisations.

“With the festive season approaching, cyber threats will increase. Being prepared and providing effective leadership is important. In the words of Franklin D Roosevelt, ‘a smooth sea never made a skilled sailor,’ and the turbulent cyber seas of today demand unique leadership skills. Recent events, such as the Securities and Exchange Commission action against the SolarWinds Chief Information Security Officer, underscore the importance of cybersecurity leadership,” he says.

He says an effective cybersecurity leader in this dynamic landscape is one who:

Influences their organisation and industry in the right direction.

Ensures transparency and proper governance.

Guarantees accurate reporting of the organisation’s cybersecurity posture.

Secures genuine buy-in from stakeholders beyond mere compliance.

Communicates with the business using understandable language.

Takes ownership and drives necessary outcomes for the business.

Baxter says: “While South Africa boasts notable leaders in the cybersecurity industry, there remain companies neglecting basic security measures, which is evident in recurring data breaches. The festive season amplifies security risks, making it imperative for these companies to redirect and cultivate effective cybersecurity leadership.”

He notes that a dedicated cybersecurity leadership development programme should concentrate on:

Engaging effectively with the C-suite.

Crafting a robust cybersecurity strategy and roadmap.

Quantifying cyber risk and developing a compelling business case for cybersecurity.

Executing the critical first 100 days of a CISO programme.

Managing third-party supplier risks effectively.

Establishing criteria for selecting cybersecurity partners and solutions.

Gaining insights into selecting the right controls for people, technology, and processes.

Implementing best practices for assembling a successful multidisciplinary cybersecurity team.

Says Baxter: “Collaboration within the cybersecurity community is essential to elevate professionalism in the industry. Beyond weathering the storm, it’s about mastering the art of leadership in these challenging times, particularly when security risks escalate during the festive season.”