While the festive season is a time of celebration and family gatherings, it is also a time for increased activity from social engineers and cybercriminals. Social engineering attacks during the festive season often take advantage of increased online activity and shopping to manipulate individuals into taking actions or divulging sensitive information, typically for malicious purposes.
This is the warning from committee members of the cyber security special interest group (SIGCyber) of the Institute of Information Technology Professionals South Africa (IITPSA), who note that alongside the joy and merriment of the festive season, danger lurks in the online space.
SIGCyber Vice-Chair Doctor Mafuwafuwane notes: “While retailers and cybersecurity professionals are constantly working on ways to protect shoppers and close down cybercriminals and scammers, it’s more like the game of cat and mouse, which never ends. Cybercriminals and scammers work year-round, but they do tend to turn up their efforts during the high-spending holiday season to capitalise on the mood of innocent consumers. Scams come in all forms and sizes, but they always come with red flags that can help you spot them.”
They highlight a number of threats to unwary consumers:
- Fake services
One of the most misleading threats comes in the form of fake online service sites. “These deceptive platforms masquerade as legitimate services, luring users into monthly subscriptions that quietly tap funds from accounts, often in small amounts that one would not typically notice. Such threats can be mitigated through practicing vigilance and scrutiny, by regularly reviewing one’s bank and credit card statements for any unauthorised or suspicious transactions, and reporting any such discrepancies immediately to your bank,” says Prof. Futcher.
- Fake e-visa sites
Another danger lies in counterfeit e-visa websites, craftily designed to mimic official government platforms. These websites offer e-visas for travel to various countries, but in reality, they are after one’s sensitive personal data and funds. If in doubt, consult your travel agent for advice BEFORE using any e-visa services.
- Fake holiday listings
For those who plan to travel this festive season, the SIGCyber notes that even trusted platforms like Booking.com and Airbnb are not immune to cybercriminals. “Scammers create fake listings, leaving unsuspecting travellers stranded with no accommodation upon arrival. To mitigate this, it’s essential to exercise extreme caution, verify the legitimacy of platforms, and rely on trusted sources for reviews,” Prof. Futcher says.
- Fake shipping notices
Cybercriminals could also trick consumers by sending fake shipping notifications, claiming that a package is on its way. These messages may contain malicious links or attachments, and the goal is to trick individuals into clicking on them, potentially leading to the download of malware.
- Fake charities
Cybercriminals may also go so far as to create fake charity websites or send emails pretending to represent legitimate charities. Prof. Thomson says: “They can exploit an individual’s generosity during the festive season to trick them into making donations that end up in the wrong hands.”
- Fake promos
Prof. Thomson warns that the festive season is also the time when many fake promotions or giveaways are created to lure individuals into providing personal information. “These schemes often promise attractive prizes or discounts, which exploit the individual’s desire for festive deals,” she says.
Staying safe
Prof. Thomson says: “To avoid becoming a victim of cybercrime over the festive season, it is really important for individuals to exercise caution when receiving unsolicited emails or messages, and to verify the legitimacy of the source before taking any action. The identity of individuals or organisations should be verified, especially if they are asking for personal or financial information. And when making donations or purchases, individuals must use official websites and verified payment methods to ensure security. By staying vigilant and adopting a cautious approach to online interactions, individuals can reduce the risk of falling victim to social engineering attacks during the festive season and in the future.”
Mafuwafuwane offers the following advice for a safer festive season online:
- Do not save your credit card information on retail sites.
- If possible, use a third-party payment method like Apple Pay, Google or PayPal to pay online.
- Disable international purchases on all credit cards.
- Only make purchases over trusted Wi-Fi, such as a vulnerability-free home Wi-Fi or a cellular network, never on a public Wi-Fi where your payment could be intercepted.
