How to spot a cyber scam as we head into Black Friday and festive season

Cyber criminals are preparing to spoil consumers' festive season spending spree.

That’s the warning from cyber security specialist Mimecast.

Mimecast’s Duane Nicol said cyber criminals are likely to strike as South Africa heads into the festive season.

“Following years of pandemic-induced economic pressure, the South African economy is slowly showing signs of recovery. As the country heads into the festive season and the traditional peak shopping period, many consumers are returning to normal, pre-pandemic behaviours, with an expected boom in anticipated retail sales,” said Nicol.

“Retailers are also eyeing a welcome return to growth. In fact, the latest retail sales data indicates a predicted 3% growth in retail sales in real terms for 2022. With Black Friday and the festive period ahead, retailers are hoping for a bumper shopping season.

“However, cybercriminals are preparing to spoil the party. Attacks are almost certain to become more prolific in the weeks ahead as cybercriminals attempt to dupe shoppers into taking unsafe action that could compromise their personal and even financial data.”

In Mimecast's latest “State of Ransomware Readiness 2” report, 70% of South African organisations believed the risk of cyberattacks will increase over the next two years.

The “State of E-mail Security 2022” report found that 94% of South African companies have been the target of e-mail-related phishing attempts, with nearly two-thirds reporting an increase in such attacks.

“The increase in cyber threats is in part being driven by greater digitisation of various aspects of our personal and professional lives, creating valuable sources of information for threat actors as well as potential areas of weakness to exploit,” said Nicol.

“When the first lockdowns were implemented in early-2020, many office workers were forced to work remotely, a situation that has continued despite lockdown restrictions lifting. While this has undeniable benefits to workers, it has created a security nightmare for many organisations.

“With employees working outside the confines of corporate security structures and often under immense pressure, cybercriminals have capitalised by aggressively exploiting the vulnerabilities that come with remote work.”

Nicol said cybercriminals are also becoming increasingly adept at social engineering at scale.

“To illustrate, instead of targeting a person with a phishing attack, they seek to understand what their target's persona represents — for example, a young male that enjoys outdoor sports and activities — and then purchase a mailing list with those interests. This allows them to craft more attractive phishing mails that have a far higher chance at success.”

Nicol said the amount of publicly available personal information on social media is also giving “threat actors valuable data to use in the crafting of their attacks.

“A multilayered cyber resilience strategy that protects people from cyber threats is vital in the fight against cybercrime.

“Second, it is critical that information about likely attack methods and cyber risks reach the most vulnerable. Everyone needs to join forces, from big business to government departments and even celebrities, to help raise the general level of cyber awareness among the broader population.

“South Africans are by nature not fond of showing vulnerability. When we fall victim to a scam, there is a natural tendency to keep it to ourselves. However, by reporting any instances of falling victim to a cyberattack, we can help others become more aware of new threats and equip the authorities with valuable information that may help them find, arrest and prosecute the perpetrators.”

How to spot a (likely) scam

• Check the discount — if you receive an e-mail offer for 70% off a must-have item, proceed with caution. Such a significant discount is likely to feature prominently on the seller’s website, so check there first to see if the offer is legitimate.
• Phone to verify — if you’re unsure if the payment you’re making is to a legitimate business, give them a ring to confirm the amount, the bank details, and any other details before you make payment.
• Pay attention — most businesses now have some form of cybersecurity in place. This means employees may not be receiving potentially dangerous e-mails as the company’s cybersecurity products filter those out. But this can create a false sense of security — when employees are home, they may see more such e-mails land in their inbox, increasing the chances of them clicking on an unsafe link or opening a malicious attachment.
• Report threats — if you do receive an e-mail that is obviously a phishing attempt, don’t just ignore or delete it. Report it to your security team and, if it warrants it, to the authorities.

TimesLIVE

Support independent journalism by subscribing to the Sunday Times. Just R20 for the first month.