Protect yourself online this Black Friday and Cyber Monday

Avoid giving into pressure-purchases to protect yourself from cyber attacks this Black Friday: PwC experts warn

This year marks a decade since Black Friday was first introduced to consumers across South Africa. With each year, the shopping event has gained popularity—and in many ways mirrors the shopping frenzy experienced across the United States, where it originated. With Black Friday and Cyber Monday once again upon us, consumers are searching for deals that will earn them the best bang for their buck.

“This year, the event days (Friday, 29 November and Monday, 2 December) arrive after the traditional ‘payday’ being the 25th of the month,” says Christie Viljoen, PwC South Africa Lead Economist for Macro Analysis. “Alongside this, a declining trend in inflation, and a lowering in interest rates, measures of consumer confidence have improved to the highest since before COVID-19. This suggests to retailers that consumers may be likely to open their wallets a little wider this year.”

With various retailers offering phygital shopping experiences (a blend of physical and digital experiences, creating a seamless interaction between the two worlds), millions of consumers are resorting to doing much of their shopping online. This provides a fertile breeding ground for cybercriminals who intend to take advantage of the increase in online shopping activity.

“The risks of online shopping, especially during the festive periods and Black Friday, are rapidly increasing,” says Junaid Amra, PwC South Africa Forensics Technology Partner. “Cybercriminals make use of social engineering techniques to pose as reputable online retailers or sellers, therefore tricking customers into believing they are getting a legitimate deal. Many shoppers have fallen victim to false advertising and fake offers, resulting in monetary losses. In addition to this, consumers’ personal and financial data is also at risk of being compromised through these types of fraudulent transactions.”

According to cybersecurity experts ESET Southern Africa and Kaspersky, an estimated 90.6 million people worldwide shopped online on Black Friday in 2023, with South Africa’s BankservAfrica recording 1.4 million online transactions—an 11% increase from the previous year. Kaspersky said it saw a 25% rise in phishing attempts targeting online shoppers between January and November, with its solutions blocking over 38 million attempts (up 25% from approximately 31 million during the same period last year).^[1]

Another major concern surrounding Black Friday is the overwhelming pressure that shoppers are under to act quickly to secure the best deals. “This rush can lead to impulsive decisions, making it easier for scammers to exploit the sense of urgency,” says Evan Govender, PwC South Africa Threat Intelligence Associate. “In many cases, limited time offers, or heavily discounted prices may appear too good to pass on, causing shoppers to overlook red flags such as misspelled URLs or suspicious website designs. This heightened sense of urgency, combined with the sheer volume of online traffic, creates an environment where consumers are more likely to make hasty, uninformed purchases that could lead to serious financial and personal security risks.”

Hackers’ most commonly deployed methods

• Phishing, smishing and quishing scams: Cybercriminals send out fraudulent emails, SMS’s or QR codes that appear as though they are a legitimate deal from a reputable retailer, tricking customers into clicking on malicious links. These links may lead to fake websites that steal personal and financial information or install software to continue stealing data.
• Fake websites: Counterfeit websites that mimic well known retailers, offering unbeatable deals that are too good to be true. Customers may purchase items that never arrive.
• Malware: Malicious software can be installed on a device without the user’s knowledge or permission simply by clicking on an advert, link or a pop-up. This kind of software can steal sensitive information, track browser activity or even encrypt your files that will only be accessible after a ransom is paid.
• Payment fraud: Using unsecured payment gateways can lead to a user's bank account being compromised, resulting in personal information and financial data loss.
• "Too good to be true" deals: These are scams that are used to obtain a consumers’ financial or personal information. Consumers should verify online deals before sharing any financial or transactional details.

More recently, we have noticed cybercriminals targeting users who have clicked on malicious links or provided their contact details on online advertisements for special offers. “Attackers may also use techniques where they call people guiding them to specific websites, this is known as vishing,” Amra says. “We have also seen a number of attacks where people are contacted with offers to assist them with installing applications which will allow them to access offers. The application is malicious software and compromises the electronic devices often enabling the attacker to remotely access the device.”

What can you do?

To mitigate these risks, people should consider reviewing current security practices by implementing the following:

• Shop on trusted websites: Always shop from well-known, reputable websites. Look for "https://" in the URL and a padlock icon to indicate the website is secure.
• Use secure payment methods: Credit cards or reputable payment services often offer better protection against fraud. Also avoid using public Wi-Fi when making purchases to prevent your information from being intercepted.
• Consider making use of virtual credit cards with limited funds or limits set when shopping online. As an extra precaution you could log into your online banking portal to freeze or disable the virtual cards and re-enable them when they are needed again.
• Beware of phishing scams: Be cautious of emails or text messages claiming to be from retailers offering incredible Black Friday deals or package deliveries. Avoid clicking on links in unsolicited messages, as these may be phishing attempts.
• Enable two-factor authentication: Enable an extra level of authentication for online payments as offered by your bank or retailers online platform.
• Monitor banking activity: Regularly check your credit card and bank statements for unauthorised charges and report any suspicious activity immediately.
• Review spending limits: Set a daily spending limit on your bank account to help control how much can be spent or transferred. One of the most secure methods for making online purchases is to use a virtual bank card.
• Do not accept assistance or provide remote access to your devices by anyone making contact with you.
• Ensure that all your devices have at least anti-virus and anti-malware software installed and updated with the latest patches.

_{^[1] https://www.itweb.co.za/article/while-prices-come-down-cyber-risks-are-set-to-rise-this-black-friday/KzQenMjyneV7Zd2r}