Cybercrime: the dark side of Black Friday

Consumers will be vulnerable to online scams when Black Friday (November 26) and Cyber Monday (November 29) set off a buying spree ahead of Christmas.

South Africans are not as vigilant as they should be when it comes to cybersecurity, says one expert, despite warnings of a huge increase in digital crime and "malicious" sites. South Africans have been warned to be on high alert over the next few days.

The SA Banking Risk Information Centre (Sabric) says digital crime incidents increased by 33% from 2019 to 2020 due to the huge shift in consumer behaviour, providing cybercriminals with more opportunities to defraud people.

It says "social engineering" — which includes methods such as phishing, vishing (voice) and smishing (SMS) — is criminals’ greatest weapon, because they know people are the weakest link.

Sabric CEO Nischal Mewalall tells the FM that South Africans must be extremely vigilant on Black Friday and Cyber Monday because these are opportunities for cybercriminals to trick people.

"Since Black Friday runs for a full 24 hours and stock is limited, people feel a sense of urgency and excitement to make purchases at discounted prices. Phishing attacks will spike as criminals try to imitate popular retailers in scam e-mails to dupe unsuspecting consumers into sharing their credit card details on spoofed websites," says Mewalall.

Covid is also playing a role, he says, citing the large-scale move to remote working, which leads to technical vulnerabilities in network security and online collaboration platforms.

"Organisations must ensure they have robust cyber-resilience strategies in place, with effective security controls to detect and prevent cyberthreats. These include the correct tools to maintain business productivity during an attack and facilitate automated backup and recovery capabilities to quickly restore systems and data after an attack."

But retailers also need to put measures in place and take an active role to protect consumers.

Vaughn Naidoo, chief digital and technology officer at Altron Systems Integration, tells the FM that there are many reasons for retailers to do this, the most important being brand reputation.

SA consumers were slow in adopting online shopping, but this changed with the pandemic, he says.

"Therefore it is important to build and maintain trust with shoppers by giving them a safe shopping experience."

Naidoo says SA has a low maturity of cybersecurity, coupled now with a higher internet penetration with high-speed connectivity. All this makes us vulnerable targets.

The crimes, he says, are generally multijurisdictional: any foreign agent can commit cybercrimes in SA without setting foot in this country. "This makes cybercrime very difficult to curb or prosecute, so we have to rely on protection and prevention."

Check Point Research has identified 5,300 malicious websites a week leading up to Black Friday and Cyber Monday. It warns shoppers to be on the lookout for offers that are too good to be true.

The company says it has seen a 178% spike in the past six weeks, compared with the average for 2021, with one in 38 corporate networks affected each week in November against one in 352 earlier this year.

Pankaj Bhula, Check Point’s regional director for Africa, says South Africans should always be suspicious of deals that seem too good to be true and should shop only from reliable online sources.

"We’re living in an age where every e-mail, link or website may have malicious intent. On Black Friday this risk intensifies in a number of ways that affect consumers and businesses alike."

Now that the Cybercrimes Act has come into effect, cybersecurity professionals from the public and private sectors, as well as academia, have joined forces to establish the Cybersecurity Digital Alliance.

It aims to create "a safer digital environment through policy advisory and support, mentorship, education, best practice sharing and research". Membership is free, via cybersecurityalliance.org.za.

Mandla Ngcobo, deputy director-general: chief information officer at the department of public service & administration and a founding member of the Cybersecurity Digital Alliance, says cybersecurity should be a top priority for every organisation and industry.

"This makes it vital for cybersecurity leaders from across sectors to bring their skills and expertise together to assist with the complex modern digital environment and ensure the safety of public and private sector organisations, as well as SA citizens."