Be prepared: ‘Tis the season for holiday phishing

As the holiday season approaches, South Africa is gearing up for family gatherings, festivities, and of course, shopping! From Black Friday and Cyber Monday sales through to last minute Christmas shopping, the malls will see heightened foot traffic and online shopping sites will enjoy a seasonal spike.

Here’s the problem. When spending and shopping increase, so do cybercrimes, with cybercriminals seizing the opportunity to exploit unsuspecting South Africans. Social engineering and phishing scams rise, fake online shopping sites pop up, and fraudulent transactions peak.

According to data from fraud detection company, SEON, there is a notable peak in online fraudulent behaviour between December 11th and December 16th. That is when most online criminals set in motion their most mischievous schemes for holiday fraud, but it’s not the only time. As eNCA reports, online fraud is rampant in South Africa, and it’s just getting worse.

As the end of 2023 nears, let’s take the time to unpack the various ways cybercriminals leverage the holiday season to steal hard-earned cash from unwary consumers.

Phishing scams

According to research from Deloitte, more than 90% of successful cyberattacks start with a phishing email. During the holiday season, the number of phishing emails sent spikes, and unfortunately, holiday shoppers feeling the financial pinch of holiday spending may be more likely to be duped into phishing scams. Fraudsters, through any channel available—phone, text, email or website—will be trying to skim personal identifying information wherever possible. Any data stolen will inevitably be used to take over ecommerce accounts, make unauthorised purchases and otherwise wring as much money out of a person as possible.

What to look out for

Phishing scams are designed to look like they come from legitimate sources. Retailers, payment portals, daily deal newsletters—there are many ways fraudsters will try to get you to click on a link or visit a website. During the holiday season, it will most likely be with great deals and discounts.

What to do

• If a deal seems too good to be true, it probably is.
• Always double check the email address and URL of the website.
• If you aren’t sure, Google the company and website and contact them.
• If you click on a link or PDF and realise it seems suspicious, immediately contact your IT department. The sooner a breach is identified, the better.

Counterfeit shopping websites

With an uncanny ability to mirror the appearance of renowned online stores, cybercriminals craft fake websites. Their aim? To ensnare and defraud the unwary shopper.

What to look out for

This is a simple scam that copies a layout of another online store using some logos and text that are easily obtainable online, however, the website won’t be the same as a genuine site. If you aren’t sure, Google the brand and double check it. If it’s an unknown site, look for reviews. The fraudsters lure shoppers to their sites through emails and social media advertising, so double check social sites, websites and email addresses. Once on the site, the shopper selects items and pays, but never receives their goods. There may also be malware embedded in the website that infiltrates the shopper’s computer or network.

What to do

• Exercise caution with unsolicited communications. Instead of clicking on unexpected emails or messages (even if the deal is great), rather Google the retailer’s official site and speak to their customer support.
• Check and double check links and URLs.
• The URL should start with 'https://', and the brand name should have no misspellings.
• Maintain a healthy scepticism of any offer that looks too good to be true.
• Scrutinise the site. A legitimate eCommerce site will include contact details, a physical address and a well-known payment portal. If these are missing, don’t trust the site.

Delivery scams

These phishing scams play on a shopper’s anticipation. A text message or email is sent about a delayed shipment, and when the recipient clicks on the link, they accidently download malicious software onto their device.

What to look out for

These scams work through a sense of urgency. The fraudsters say that a delivery has been held back at customs or is delayed due to insufficient information. The recipient is encouraged to click on a link to make a small payment or to update their details so that the package can be delivered on time.

What to do

• Be wary of unexpected emails and texts. Often there is no delivery, but the consumer clicks on the link anyway thinking someone has sent them something.
• eCommerce delivery sites use reputable delivery partners that are unlikely to have incorrect shipping information. They will also often have online trackers you can follow.
• If it seems suspicious, trust yourself.

The holiday season is a fun, festive and restorative time filled with love and gifts. Make the most of it, but don’t let fraudsters ruin the season. Stay vigilant for phishing scams, maintain a healthy scepticism and stick to brands you know and trust.