With the unprecedented surge in online shopping during the Covid pandemic and the upcoming shopping frenzy of Black Friday, bargains are already online ‒ and cyber criminals are looking for a big pay day.
Black Friday has morphed into Black November, going into Black December as the year-end retail therapy shopping spree has extended in time and in the virtual realm.
Tech companies are warning shoppers to be on high alert for the next couple of weeks.
TransUnion Africa, a global information and insights company, has warned that cyber criminals are on the prowl using Black Friday as the perfect opportunity to steal your identity which results in open season on your bank account.
Statistics by Finder.com on the expected Black Friday shopping spree for 2021, found that almost three quarters (74%) of South African adults will shop on Black Friday as long as the price is right, with shoppers looking for discounts of 50% or more.
TransUnion Africa head of emerging solutions Davina Myburgh, warned that if you received an SMS from a “bank” regarding personal information or an “inheritance” from a long-lost family member, it meant cyber criminals were already courting you and your personal information was vulnerable.
“Our research shows online fraud and identity theft against businesses and consumers is booming. Criminals are constantly looking for new ways to steal your identity and we have to be more vigilant than ever not to fall for these scams,” said Myburgh.
According to a Consumer Pulse study by the group, two in five consumers (40%) reported that they were personally aware of a digital fraud attempt targeted at them in the last three months, with 5% falling victim to the attempt. Nearly half of those consumers (48%) said the fraud attempt was from third party seller scams using legitimate online retail sites.
Known as the “terrible trio”, the three most common ways that scammers get your personal details are phishing, smishing and vishing.
Phishing is using realistic looking emails to get you to click on links or provide personal details.
Smishing is the use of WhatsApp or SMS messages to fool you into giving up personal information.
Vishing is when cyber criminals call you pretending to be your bank, medical aid and/or insurance company.
Mimecast, which specialises in cyber security, has described cybercrime as being “in overdrive in the last 18 months”. Its research has shown sharp increases in all types of cyber attacks and has warned that even top brands can be negatively impacted if their name is used in spoofed websites.
Data from Mimecast’s 2021 State of Email Security report, has warned that trusted brands can lose customers completely if customers fall prey to such websites. Its research showed that 38% of organisations saw an increase in brand impersonation via counterfeit websites, while 47% saw a rise in malicious email spoofing.
According to the Mimecast Brand Trust survey, 83% of South Africans would lose trust in their favourite brand if they got caught on a spoofed website, while 73% said they would not spend with their favourite brand again if they fell victim to a phishing attack involving that brand.
A whopping 89% of consumers believed it was the brand’s responsibility to protect itself from fake versions of its website, while 87% said it was the brand’s responsibility to protect against email impersonation.
The report has also said: “This swell of digital activity of a surge in targeted emails with the work from home trend during lockdown, has presented cyber criminals with numerous new openings for social engineering attacks. During 2020, the Mimecast Threat Centre detected a 64% rise in threat volume compared with 2019.
“A prime target has been employees newly deployed to work from home, where their attention is often diverted by household distractions and at a time when vulnerability to emotional or fear-based attacks has been high. Threat actors were quick to take advantage of this with a flood of new phishing attacks,” stated the report.
As the attacks grow increasingly sophisticated, the intention is always the same ‒ to dupe employees into revealing their log-in details. The survey found that:
- 70% of companies which participated in the survey expect their business to be harmed by an email attack.
- Since the onset of the pandemic, employees are clicking on three times as many malicious emails than they had done before lockdown, with email threats rising by 64%.
- An average of six companies out of 10 suffered from a ransomware attack.
Entersekt’s senior solutions architect, Ellezane Williams, said that with online shopping accounting for an increasing volume in sales as South Africans grew more comfortable with online purchases, so too had the threat grown from cybercrime.
Williams said that in South Africa online retail shopping had doubled in growth between 2018 and 2020, with the Covid-19 pandemic sparking an unprecedented surge in online purchases.
When shopping online, be aware:
- Free wifi is rarely secure so avoid using networks in public spaces.
- Never use the same password for everything.
- Assume all links are phishy and don’t click on any links. It is easy for criminals to set up fake sites that look like well-known retailers.
- Deals don’t come in email attachments.
- Check your account regularly for any suspicious activity so you can take early action if your bank account has been accessed.
- If you receive an unexpected authentication message when you are not shopping online, block the transaction and immediately contact your bank.
The Independent on Saturday