By Fady Younes, Cybersecurity Senior Director, EMEA Service Providers and Middle East & Africa at Cisco
End-of-year holiday periods pose a real opportunity to get some shopping done. According to BankservAfrica, consumers spent R93 billion over the 2021 festive season. New research from Xero reveals 74% of South African SMEs in the tourism sector feel optimistic about the 2022 holiday season. But unfortunately, it’s also peak season for cybercriminals. The best way to prevent being a victim of a scam or hack is to understand the mechanisms behind criminals’ methods.
“South Africa currently has the third highest number of cybercrime victims worldwide. We all need to be aware that cybercrime isn’t something that only happens to businesses and ‘other people’,” says Fady Younes, EMEA Cybersecurity Senior Director at Cisco.
Talos, Cisco’s market-leading cyberthreat analytics division, analyses and tracks cyberattacks and identifies trends based on billions of emails sent by the company’s cybersecurity platform. Younes explains the advantages of this: “Excellent security relies on data. The more insights we have into the threat landscape, the better our telemetry is, improving our ability to prevent security incidents.” According to Talos’ Incident Response Trends for Q3 2022, ransomware and pre-ransomware behaviour accounted for 40% of cyberthreats globally.
It's the season
Scams can be seasonal and dependent on events such as the COVID-19 pandemic or the Russian invasion of Ukraine. Criminals use these events to take advantage of our information needs. And during a shopping-intensive period of the year, shopping offers and promotions are used to deceive unsuspecting consumers, leading to an increase in cybercrime towards the end of the year. According to a South African survey by TransUnion, 45% of respondents were targeted at the end of 2021, with up to 8% falling victim to online fraud.
How criminals target victims
Cybercrime can be divided into multiple categories, two of which are traditional fraud crimes (for instance, where you are tricked into purchasing an item that does not exist), and attacks that aim to acquire account details or login information, leading to your device being hacked. Attacks are also becoming more sophisticated. Some are directed at specific people, using thorough research and social engineering to craft “the perfect offer”.
For example, if someone wants to get into your employer’s network, they can use information sourced from your social media, such as your workplace and interests. They may also try to reach you at a time when you’re likely at work and browsing privately via your work computer or mobile phone.
“Consumers must remain vigilant if they’re being rushed to make a decision. A rule of thumb is to ask yourself, ‘Is this offer too good to be true?’, or ‘Does this person really need these details?’,” adds Younes.
Five tips to protect yourself from online scams this holiday season
Set strong and different passwords: With email being the most commonly used method to reset passwords, it’s important to use very strong and different ones for every online account you have.
Add an extra layer of security: Consider using a password manager and multi-factor authentication (MFA) for your online accounts.
Avoid suspicious links and messages: Do not click on links in unsolicited or suspicious-looking emails or messages. Instead of clicking a link that claims to take you to a legitimate website, rather visit the site manually by searching for it on your browser. In addition, do not fill out forms with suspicious communications requesting your personal information.
Stay away from unsafe Wi-Fi: Do not make purchases while browsing on public or unfamiliar Wi-Fi hotspots and connections.
Think before you act: Ask yourself if the deal being offered is too good