Black Friday/Cyber Monday: Protect yourself

Latoya Newman|Published 2 years ago

Tread carefully when shopping online. If a deal looks too good to be true, it could be a scam. Picture: File

THE average South African will spend more than R1,600 during Black Friday sales on clothes, electronics and shoes.

Shoppers, on average, will buy 4.5 items on average.

This is according to a report by Black-Friday.Global. It also said 64% of bargain hunters would choose both online and off-line sales.

“Past years’ statistics indicate that the most popular categories of products among Black Friday shoppers in South Africa are clothing, shoes, groceries and electronics, as well as home appliances.

“Around the world, widely understood fashion products take the lead during Black Friday. Nonetheless, in some countries like Brazil, Switzerland, India, Malaysia or Romania, electronics prevail in shopping carts,” it said.

The report was created based on data provided by Picodi.com, a global discounts provider. Black-Friday.Global, a site dedicated to Black Friday deals, was created by Picodi.com. Twelve thousand participants from 55 countries took part in the survey.

People are seen shopping in large numbers during the Black Friday specials at Makro in Wonderboom. Picture: Oupa Mokoena/African News Agency(ANA)

ONLINE SAFETY

Since the Covid-19 pandemic, more South Africans have become comfortable with online shopping, which also carries with it cybersecurity risks.

The POST asked the South African Banking Risk Information Centre (Sabric) about the issue in the country, especially over Black Friday period which in many cases extends to the end of November.

Nischal Mewalall, the CEO of Sabric, said: “Black Friday has gained traction in the last decade and has evolved from a one-day event to spanning up to two weeks. Cybercrime increases on Black Friday and Cyber Monday due to the increase in online transactions, which increases the probability of fraud taking place.”

Mewalall said there were a number of common types of scams that banking clients fell prey to at this time. He identified and explained how these scams worked:

* Phishing emails: phishing emails request that users click on a link in the email which will direct users to a “spoofed” website. This is a site designed to fool users into thinking that it is legitimate to obtain, verify or update contact details or other sensitive financial information. The spoofed website will look almost identical to that of a legitimate or well-known financial institution. Phishing emails, which are a form of spam emails, are typically sent in large numbers to consumer email accounts. The criminals send them in the hope of tricking recipients into disclosing their personal information in bogus online platforms on the spoofed websites.

Criminals are combining phishing attacks with illegal SIM card swaps to raid bank accounts. PICTURE: FILE

* Identity theft: Your personal information can be used by criminals to assume your identity and acquire retail or bank accounts, or even defraud your insurance, medical aid and Unemployment Insurance Fund. In some instances, they impersonate you, and using social engineering, access your bank accounts and do transactions. As some personal information such as your identity number cannot be changed readily, and other personal information such as your home and work addresses are impractical to change, we recommend that you consider the following precautionary measures when you are required to provide personal information for security verification purposes:

– Do not use the information that may have been compromised. Rather use other personal information that you have not used previously to confirm your identity in future.

– Register a new email account.

– Implement dual authentication for all accounts and products, especially for financial services products.

– Register for SMS notifications to alert you when products and accounts are accessed.

– Conduct regular credit checks to verify whether someone has applied for credit using your personal information and if so, advise the credit grantor immediately.

– Investigate and register for credit related alerts offered by credit bureaus.

– Check your bank statements regularly.

* Card-Not-Present (CNP) fraud: the data necessary to perpetrate CNP fraud is compromised in various ways ranging from phishing and malware to large-scale data breaches. CNP fraud enables criminals to access the bank card number, expiry date and CVV2/CVC2 (three digits at the back of the bank card) without the knowledge of the bank client when the card is handed over for payment. With this information, the criminal can transact fraudulently on the internet or phone as if they are the genuine card holder. Criminals are also known to ask for card numbers, expiry dates and CVV/CVS numbers in phishing emails. Malware is further utilised to search for card-related information and to send it to a destination under control of the criminal.

Criminals will use fake holiday and shopping deals to lure their victims. PICTURE: FILE

* Classified/holiday scams: criminals set up bogus websites offering specials on certain gifts, from holiday accommodation to air tickets. The victim then clicks on the website as it looks professional, and the price appears to be low. The victim then makes a purchase using their credit card details thinking they are buying from a genuine company. The purchase goes through, but the victim never receives the goods as the website is fake. The criminals then have access to the customer’s bank details and can use these fraudulently. They can also steal the identity of the victim.

* Online shopping scams: online shopping has created lucrative opportunities for criminals to trick people into paying for goods they will never receive or to obtain your personal information for their own financial gain. Unbeknown to shoppers, they could create an opportunity for criminals by being enticed by a good deal online via a mailer or Facebook advert. After you have paid for your purchase in full, you don’t receive the goods and when you try to contact the online retailer, there is no response.

STATISTICS

According to Sabric’s Annual Crime Stats 2021, released a month ago, during 2021 there was an 18% decrease in digital banking fraud reported incidents. These are mainly attributed to a reduction in mobile banking fraud incidents.

However, despite the decline in incidents, there was a significant increase of 45% in gross losses, from R310,484,349 in 2020 to R438,238,743 in 2021.

Victims seemed to be losing more money in the respective incidents.

“Social engineering techniques, including, but not limited to phishing, vishing, smishing, email hacking and business email compromise continued to prevail and were the most prominent fraud methods in the digital banking fraud space,” the report said.

Bank customers have been warned SIM-swap scams. Picture: Steve Marcus / Reuters

It said a popular form of vishing used by scamsters is to phone a victim, impersonate a bank official or service provider and use social engineering skills to manipulate the victim into disclosing confidential information, which is then used to defraud them.

“A tactical part of these MOs (modus operandi) was the interception of transactional verification tokens, like one-time PINS (OTPs) and random verification numbers (RVNs). This was achieved through SIM swops via the unsuspecting bank client’s mobile service provider. The number of incidents involving SIM swops increased from 2 686 incidents in 2020 to 4 386 reported in 2021.”

RED FLAGS

Mewalall shared these tips to look out for with regards to Black Friday scams:

* Only shop at reputable retailers and avoid unknown ones, even if the offers appear to be amazing.

* Be aware that online fraud is on the increase and that organised crime syndicates are behind it. These criminals want your banking details, so never save your bank card details on e-commerce sites. It might put you at risk of falling victim to fraud.

* Criminals create fake websites that copy legitimate brands. Make sure that when you navigate to a website, that you did not click on a link to access it. Rather type the URL directly into your browser, if you know what it is, or do a browser search and navigate to the site using the search results.

Beware of online adverts that sound too good to be true and contain spelling mistakes. PICTURE: FILE

* Only enter your card information on the e-commerce site’s payment platform. Don’t be tricked into doing an EFT or making a payment outside the site.

* Be wary if an e-commerce site does not redirect you to confirm your transaction via your bank’s 3D secure page or via your own bank’s mobile app before you pay for your purchase.

* Never click on unknown links in emails, or open email attachments from unknown sources.

* Criminals send links in emails, SMSes and WhatsApps that appear to be from legitimate sources. These links will typically route you to a fake login screen that harvests your login credentials to give criminals access to your various online accounts.

* Criminals may then call you pretending to be from the bank, ask you to confirm bank information and read back a one-time PIN sent to you for verification. This is a trick to manipulate you into authorising a card transaction using your stolen card information.

* Monitor your bank accounts to check that no irregular activity has taken place without your consent or knowledge.

“If a deal seems too good to be true, it probably is,” said Mewalall.

* For information about banking fraud, see www.sabric.co.za

POST