As South Africans prepare for the December holidays, the annual wave of online shopping, travel bookings, and digital gift-giving is met by an equally predictable surge in cybercrime.
But this year, things are likely to look a lot scarier. The classic scams we’ve learned to spot are being supercharged by artificial intelligence, making them more personal, plausible, and dangerous than ever before.
The festive season rush, with its mix of distraction and excitement, has always made consumers vulnerable. “The same enthusiasm that drives people to click faster is exactly what cybercriminals rely on,” warns Richard Ford, group chief technology officer at Integrity360.
“But where they used to use generic, one-size-fits-all attacks (that still fooled countless victims), they now have AI-driven tools to craft highly convincing, personalised lures at a massive scale. The game really has changed. You can see it for yourself in your social media feeds: how often do you find yourself wondering ‘is this AI’ these days?”
Global data consistently shows the year’s final quarter sees a spike in phishing and payment fraud. With online shopping in South Africa projected to grow significantly, the opportunities for cybercrime are multiplying.
Here’s how AI is adding a dangerous new layer to the scams you thought you knew.
The AI-cloned storefront and the ‘too good to be true’ deal
Classic festive scams often involve fake websites with unbelievable discounts. Previously, you might have spotted these by their clumsy design, blurred images, or poor grammar.
-
- The AI twist – Today, generative AI can create a pixel-perfect clone of a legitimate retail website in minutes. Social media ads for these sites, also crafted by AI to target your specific interests, no longer seem generic. They might reference products you’ve recently browsed or use language that resonates with your demographic.
- Your defence – Scrutinise URLs to ensure they start with ‘https://’. Be deeply sceptical of deals advertised on social media that seem drastically cheaper than elsewhere. When in doubt, type the retailer’s web address directly into your browser rather than clicking a link.
The hyper-personalised phishing attack
From fake courier notifications to bogus bank alerts, phishing has always preyed on our sense of urgency.
-
- The AI twist – Instead of a generic “Your package has been delayed,” an AI-powered message might now say, “Hi [Your Name], there’s an issue with the [Product You Just Bought] from [Retailer Name] scheduled for delivery to [Your Suburb].” AI tools can scrape data from previous breaches or social media to make the message feel uniquely personal and urgent, dramatically increasing the chance you’ll click without thinking.
- Your defence – Never click on links in unexpected messages. If you receive a notification, go directly to the official website of the courier or retailer to check the status. Remember, your bank will never ask for your password or one-time pin (OTP) via email or SMS.
The deepfake ‘family emergency’
A more sinister evolution involves deepfake technology. A classic scam involves a message from a supposed loved one in distress.
- The AI twist – AI voice-cloning technology can now use a small audio sample from a social media video to create a convincing fake audio message from your child or partner, claiming they’ve lost their wallet or been in an accident and need an urgent e-wallet transfer.
- Your defence – If you receive a panicked message, pause. Call the person back on their usual number to verify the story. Establish a “safe word” with family members that can be used to confirm their identity in a real emergency.
A festive season cyber safety checklist
While threats are more sophisticated, the fundamental defences remain crucial.
Shop smart and stay skeptical
- Verify website legitimacy before making purchases. Look for secure URLs starting with ‘https://’ and check independent reviews.
- Social media ads with deals that seem too good to be true are a red flag and should be checked twice.
- Credit cards and secure digital wallets provide stronger fraud protection than debit cards or EFTs.
- Never enter payment details while connected to public Wi-Fi networks.
- Phishing websites are commonplace, but subtle design cues like inconsistent branding, blurred images, urgent language, and pop-ups with unbelievable offers are all clues to stay clear.
Secure your digital gifting and finances
- Digital gift cards, e-wallets, and online transfers make festive giving easier and riskier if not done carefully. Always double-check account details and never share voucher numbers, one-time pins (OTPs), or passwords with anyone.
- Only purchase gift cards, tickets, and vouchers from official retailer websites or apps.
- Enable two-factor authentication on all banking and primary email accounts.
- Set up transaction alerts with your bank so you’re notified of all transactions and can report any suspicious activity immediately.
Lock down your new devices
The holiday season also means new phones, tablets, smartwatches, or connected home devices entering the household. Before connecting anything new to your Wi-Fi, Ford advises treating it like a potential Trojan horse until proven secure.
- Change default usernames and passwords immediately.
- Install software or firmware updates before using the device.
- Review privacy settings and minimise unnecessary data sharing.
- Install reputable security software to protect your network and devices.
- If your phone is lost or stolen, contact your bank immediately to deactivate any banking apps.
(It’s) The most vulnerable time … of the year
“Although the human factor is often seen as a vulnerability, people who are informed and alert are still the most powerful defence,” Ford concludes.
“Good cyber safety isn’t about being a technical expert. It’s about cultivating a healthy dose of skepticism. Pausing before you click, verifying before you send money, and questioning urgency are simple habits that can defeat even the most sophisticated AI-driven scams.”