When looking for Christmas presents, it is important that South African consumers are aware of potential scams this festive season, says Aamir Lakhani, a strategist and researcher for Global Security.

“Given the spike in digital activity predicted over the holidays, cybercriminals, too, will be making their lists and checking them twice this year. It’s a particularly risky time of the year as shoppers of all ages flock to search engines and online channels to place orders before holiday delivery date cut-offs,” said Lakhami.

Opportunistic hackers know just how to create enticing, seasonally-appropriate lures—and even some of the simplest scams can fool adept online shoppers, added Lakhani.

Global Security provided the following list of common scams:

Online holiday gift card scams

At a time when gift card purchases spike, thieves are on the lookout for easy ways to take advantage, says Lakhani.

“Gift cards are a common vector for cybercriminals and scammers since stealing the money loaded onto them is like stealing cash: Once it’s taken, there’s virtually no way for a victim to get it back.”

Some ways scammers use gift cards are:

•  Fake pins: scammers scratch off the layer of protective coating to write down pin numbers and then “replacing” the coating with a sticker so it looks brand new. They then plug those PINs into software that sends an alert once someone has purchased and activated their gift card—and then proceed to drain all its funds.

• Via email: if you’ve ever received a strange email urging you to help a friend or family member with an emergency – and that email led you down the path of providing a gift card as payment – that email was most certainly a scam, said Lakhani.

• Account takeover attack (ATO): A cybercriminal first obtains account credentials for a particular e-commerce platform by hacking a victim. The criminal then uses this information to make purchases, often high-value electronic gift cards, which are then sent off.

Video conferencing phishing scams

With more people video calling family and friends, scammers may send victims fake video links that prompt a person to download a ‘new version’ of their conferencing software.

The link will direct them to a third-party website where the user can download an installer, said the company. In some cases, the program does install the video conferencing software—but whether it does or doesn’t, it also loads a remote-access program on the host.

“This program gives scammers access to the user’s sensitive data and information, which is either sold on the Black Market or leveraged for identity theft,” said Lakhani.

Phishing

Mobile phishing attempts are especially common for e-commerce shoppers, said Lakhani.

More users than ever rely on their smartphones to make purchases. While these devices may seem less vulnerable to threats, that is actually not the case.

“Online shoppers may receive fraudulent text messages that appear to come from retailers they’re familiar with, for instance.”

“These messages typically contain a link that, once clicked, redirects to a fraudulent website that looks like the retailer’s legitimate site but is designed to extract your personally identifiable information (PII),” Lakhani said.

Vishing and Smishing

With regard to vishing, cybercriminals use phone calls to solicit personal information, relying on “social engineering” tactics to trick you into providing information such as login credentials or bank account information.

“Paradoxically, vishers often leverage our innate fear of cyber scams and attacks to pull off these attacks. For example, a voicemail message may state, “URGENT: Your bank account has been locked due to suspicious activity. Call us back immediately to restore access.”

Then, when the victim calls back, they are asked to provide sensitive information that is then stolen and used maliciously, said Lakhani.

You can avoid vishing by confirming that the phone number from which you received a call or text message does, in fact, belong to the organisation it is claiming to have sent it.

“Keep in mind banks and government agencies almost never contact customers or individuals to provide sensitive information,” said Lakhani.

The researcher also said that they are starting to see a new scam, where they put QR codes on popular products and, make banners or marketing materials, then leave them in stores.

“If a victim sees a product they like, and a sign telling them they can get the product faster or at a discounted price, they are more than likely to scan the QR code.”

According to Lakhami, this leads to them being taken to a scam website or attempting to download malware.

Watch out for these holiday scams in South Africa (businesstech.co.za)