Security20.12.2024

Online shopping scam warning for South Africa

As South Africa enters the festive shopping season, online threats similar to those that arose during Black Friday will again become apparent.

While such scammers are already rife on the Internet under normal circumstances, the increased online shopping activity around annual shopping promotions provides more potential victims.

This is especially true for scams that rope shoppers in because of the “amazing deal” on offer.

While falling victim to online scams may have acquired the stigma that it only happens to those acting out of stupidity, Brian Pinnock, VP of sales engineering at Mimecast South Africa, says this is false.

“If you do fall for a scam, it’s got nothing to do with stupidity. It actually has to do with how our brains work,” Pinnock said.

“Unfortunately, retailers exploit the same part of your brain as fraudsters do.”

Pinnock explains that this is the impulsive part of the brain that thinks very quickly and is very intuitive, causing people to act on a decision without giving it much thought.

The most common method scammers use is phishing, a social engineering technique where a victim is manipulated into following a link to a fraudulent website or online form.

In this case, victims will be lured to a fraudulent website by an offer brought to their attention via email or social media, providing a link to make a purchase.

As Pinnock points out, it is part of our impulsive nature as humans to jump at the idea of a significant discount and immediately make the purchase.

These scams are even more challenging to detect because they replicate online stores, such as the recent fraudulent Checkers website.

Nclose co-founder and business development director Stephen Osler has said that once attackers have created their fraudulent website, they will try to promote it to as many people as possible.

In this situation, he says that scammers are ultimately looking for victims with credit or debit cards to steal their credentials and use the card repeatedly.

Victims will access the site and attempt to make a purchase, only to have the fake payment portal harvest their card details.

An example of a fake website

However, there are ways to protect against these scams.

Osler says that if a deal seems too good to be true, it is.

“When transacting online, you have to be proactive. You have to do your homework and understand who you are contracting with,” said Consumer Goods and Services Ombudsman Lee Soobrathi.

“Make sure you do your best to protect yourself, and while we can’t 100% avoid these fraudulent websites, the proactive approach is best. If you get an inkling that something is wrong, we would suggest staying away from it and not transacting at all.”

Pinnock said some websites can often be legitimate, which further confuses matters. He said the best way to determine whether it is a scam is to scan the URL.

Users can use VirusTotal or the South African Fraud Prevention Service’s Yima website to do so.

Another indicator of potential fraud is if a user is not redirected to their bank’s 3D secure page or mobile app to confirm the transaction.

3D Secure adds an additional layer of security to online transactions by requiring two-factor authentication.

The South African Banking Risk Centre suggests that shoppers choose a strong password or passphrase when registering on a secure site and never save it on any device. The same goes for payment credentials.

For most people, remembering strong and unique passwords for every sensitive website they have an account at is impossible, so using a reputed password manager is advisable.

Considering that these fake websites aim to steal personal information, it is never a good idea to share personal information such as ID numbers or date of birth — something retailers don’t need to process an order.

Show comments

Latest news

More news

Trending news

Sign up to the MyBroadband newsletter