Cyber criminals eye Black Friday
In spite of the negative effect the COVID-19 pandemic and ensuing lockdowns have had on SA’s economy, annual Black Friday sales are going ahead, with many retailers opting to extend the promotion for the whole of November instead of a single day.
However, where there is money to be made, you can be sure cyber criminals are waiting in the wings. Like pickpockets, they go where the crowds are, and will be looking for ways to exploit shoppers.
“E-tailers are expected to capitalise on people staying at home and avoiding potentially large crowds at physical stores,” says Lehan van den Heever, enterprise cyber security advisor at Kaspersky in Africa. “With more than half of local shoppers who normally shop in store for Black Friday indicating they will not this year, the signs point to a surge in online shopping.”
He says this gives bad actors many potential targets for malware infection, identity theft, or the theft of credit card details. “Cleverly designed phishing scams that masquerade as discounts from popular brands have become almost indistinguishable from the real thing.”
Consumers need to remain alert, irrespective of whether they are shopping for Black Friday or the festive season. As always, fake sites will be a big problem, as each year they become more sophisticated and harder to tell apart from the genuine article.
He says the common maxim of ‘if something sounds too good to be true, it is’, should be heeded. “For example, 80% off on that smart TV is highly unlikely. Steep price reductions, especially in South Africa, should be a red flag.”
In addition, be on the lookout for spelling mistakes in URLs for popular sites and unsecured links to online stores and checkout baskets. “When in doubt, always type in the Web address of your preferred store instead of clicking on an e-mail or social media link,” Van den Heever stresses.
Moreover, he advises online shoppers to make their online retail account passwords as long and difficult to guess as possible. “If the store has the option available, choose to activate multi-factor authentication. In this way, even if a hacker steals your password, the site will still require you to confirm a one-time PIN sent to your smartphone or tablet. Using a good password manager is vital. Even the answers to the typical security questions to reset passwords should be made up. In this way, hackers cannot use potentially sensitive information on your social media profiles. Store these made-up answers as an encrypted note in your password manager.”
Ideally, he says one should always sign out of accounts when leaving a site, particularly if it is accessed via a public or work computer. “Never use freely available WiFi hotspots to do any online banking or shopping. Hackers use sophisticated tools to 'sniff' out passwords at coffee shops or restaurants.”