The December holiday season is prime time for cyber criminals and fraudsters, largely because people let their guard down and shop around for bargains more than usual over this period.
This is the warning from members of the cyber security special interest group (SIGCyber) of the Institute of Information Technology Professionals South Africa (IITPSA).
Safer shopping
Doctor Mafuwafuwane, executive head: security services at Nexio and SIGCyber member, says: “The holiday season in South Africa is a period marked by festivities, shopping, and reconnecting with family and friends. However, it also presents increased cybersecurity threats. As online shopping for holiday bargains and travel arrangements becomes more prevalent, cybercriminals are eager to take advantage of the heightened activity. Scams such as phishing emails, fraudulent promotions, and imitation websites entice unsuspecting individuals into divulging sensitive information or making unauthorised payments.”
He warns: “South Africans are especially vulnerable during significant sales events like Black Friday and holiday specials. To protect yourself, it is crucial to confirm the authenticity of websites, utilise secure payment options, and refrain from clicking on unsolicited links that offer deals that seem too good to be true. Local businesses must remain alert, enhancing their cybersecurity protocols as the frequency of year-end cyber attacks increases.”
Beware social engineering
Professor Kerry-Lynn Thomson of the Centre for Research in Information and Cyber Security (CRICS) at Nelson Mandela University, adds: “The festive season is the time when cybercriminals, and more specifically social engineers, take centre stage by targeting individuals through increased online activities, typically for malicious purposes.”
She explains: “Rather than hacking using technical means, social engineers exploit human vulnerabilities and trust. Over the festive season, social engineers often leverage holiday themes in attacks such as phishing emails to manipulate users into giving away sensitive information.”
One example is fake courier scams, she says: “At this time of the year, it is not uncommon to receive numerous emails from ‘couriers’ indicating that a parcel is awaiting delivery. This is an example of a phishing email with a holiday theme as many individuals may have ordered items online over the festive season. These messages often include malicious links or attachments designed to deceive individuals into clicking on them, which can result in the unintended download of malware or may ask for money to be transferred to release the parcel.”
WiFi awareness
Mafuwafuwane notes that risk increases when people are travelling on their holidays: “Public WiFi networks, frequently available in shopping centres, airports, and cafes during the holiday rush, introduce additional risks. Many South Africans inadvertently compromise their personal information while using these unsecured networks to shop online, check bank accounts, or access work emails.
“Employing a Virtual Private Network (VPN) is vital for encrypting your connection and safeguarding your data. Activating two-factor authentication (2FA) on essential accounts, such as online banking and email, provides an extra layer of security.
“Employers should remind employees to keep personal and work-related activities separate on company devices, particularly when working remotely during the holiday season. This practice helps prevent unintended data breaches or malware infections.”
Cellphone cyber security
Bryan Baxter, enterprise account manager at BC Technologies, says: “Cyber criminals love the festive season. It is the best time to take advantage of unsuspecting consumers. Cell phones are targeted as they are a convenient way to access online banking, social media and web sites for online purchases.
“In 2023, Kaspersky blocked 33,8-million malware, adware, and riskware attacks on mobile devices. Common attacks use social engineering to trick users into downloading malware or dodgy applications, clicking on malicious links or responding to scam SMS or WhatsApp messages.”
Reducing risk
Prof Thomson advises: “To stay safe from social engineers and cybercrime during the festive season, people should remain cautious and skeptical of unsolicited emails, messages and phone calls. Individuals should adopt a ‘zero trust’ mindset by always verifying the legitimacy of the sender or caller before taking any action. It is essential to confirm the identity of individuals or organisations, particularly when they request personal or financial information. When making purchases and interacting online, it is important to make sure you are using legitimate websites and trusted payment methods.”
Mafuwafuwane says: “Whether you are seizing a last-minute offer, planning a trip to the coast, or simply spending quality time with your family, maintaining good cyber hygiene is imperative. Remain vigilant against scams, secure your devices, and avoid sharing sensitive information on untrusted platforms. By staying alert and proactive, South Africans can ensure a safe, cyber-secure holiday season while focusing on what truly matters – celebrating with loved ones.”
Baxter highlights a number of basic cyber hygiene practices that will prevent most attacks:
- Be careful what links you click on in social media and email. Type the link in yourself in the browser if possible.
- Be wary of new or unknown retailers. Check their sites and reviews. How long has the site been active? If a deal looks too good to be true – it is probably a scam.
- Use virtual cards for one-time online payments and cancel them afterwards.
- Know what is installed on your phone. Only load authentic mobile apps that you need. They should be verified by the app store. Check reviews and the number of users.
- Keep mobile applications and phone software updated.
- Install a mobile antivirus application; there are many decent free ones.
- Have a plan if your phone is stolen. Change online passwords immediately. Have backup email accounts.
- Ensure your phone has security enabled to open it, i.e. biometrics or a password.
- Enable two-factor authentication for sensitive applications and sites.
- Ensure you use unique complex passwords. Password managers are a big help.