Black Friday scam warning in South Africa
South Africans hunting for bargains online heading into the Black Friday season need to be aware of scammers attempting to defraud them.
However, there are ways to enhance online shopping safety during the festive period.
While such scammers are already rife on the Internet under normal circumstances, the increased online shopping activity around the annual shopping promotion provides more potential victims.
This is especially true for scams that rope shoppers in because of the “amazing deal” on offer.
Many South Africans have recently fallen victim to fraudulent e-commerce websites that lure buyers by promising products for a fraction of the price—a scam that occurs all year round.
These scams usually involve a fake website that appears to be an e-commerce platform or someone impersonating someone else to encourage a transaction.
Nclose co-founder and business development director Stephen Osler has said that once attackers have created their fraudulent website, they will try to promote it to as many people as possible.
In this situation, he says that scammers are ultimately looking for victims with credit or debit cards to steal their credentials and use the card repeatedly.
For instance, local ladies’ fashion retailer Desray recently experienced website cloning. Woolworths and HiFi Corp have also fallen victim to similar attacks.
Osler pointed out that if a deal seems too good to be true, it is. However, Black Friday is renowned for deals that would be interpreted as such on any other day of the year.
This makes navigating the Internet on Black Friday an even trickier task.
“When transacting online, you have to be proactive. You have to do your homework and understand who you are contracting with,” said Consumer Goods and Services Ombudsman Lee Soobrathi.
“Make sure you do your best to protect yourself, and while we can’t 100% avoid these fraudulent websites, the proactive approach is best. If you get an inkling that something is wrong, we would suggest staying away from it and not transacting at all.”
The South African Banking Risk Centre (Sabric) has identified several tips for shoppers and merchants to prevent falling victim to online scams.
One way to check a website’s legitimacy — the first step in deciding whether to transact — is to use the South African Fraud Prevention Service’s Yima website.
The tool scans websites for scams and vulnerabilities, using a combination of risks and feedback from users who have interacted with the website to create a Trust Score.
Users can also install a plugin on their browsers.
In the case of website spoofing, the user interface can be very accurately replicated. Attackers often change a single character in the URL, which often goes unnoticed, even upon close inspection.
Artists Against 419 (AA419), an international volunteer group dedicated to identifying and shutting down scam sites, has a list of over 160,000 fake websites.
A quick scroll through the first page revealed seven fake Cape Union Mart sites that were active at the time of writing.
Another indicator of potential fraud is if a user is not redirected to their bank’s 3D secure page or mobile app to confirm the transaction.
3D Secure adds an additional layer of security to online transactions by requiring two-factor authentication for transactions.
Sabric also suggested that shoppers choose a strong password or passphrase when registering on a secure site and never save it on any device. The same goes for payment credentials.
For most people, remembering strong and unique passwords for every sensitive website they have an account at is impossible, so it’s advisable to use a reputed password manager.
Considering that these fake websites aim to steal personal information, it is never a good idea to share personal information such as ID numbers or date of birth — something retailers don’t need to process an order.