Doros Hadjizenonos, regional director for Southern Africa at Fortinet.

Black Friday sales have become extremely popular in South Africa, so much so that many retailers have extended their sales to last the entire month. It is now a retail extravaganza known as Black November, where both retailers and consumers get to enjoy some serious bargains.

Last year, South African shoppers went all out, spending billions of rands in-store and online on Black Friday. But here’s the thing—while we are all busy grabbing those amazing deals, cybercriminals are lurking in the shadows, ready to pounce on unsuspecting shoppers.

“Consumers need to be extra vigilant about where they buy and how they pay for their purchases in the rush to buy bargains,” warns Doros Hadjizenonos, Regional Director for Southern Africa at Fortinet.

Cybercriminals can take advantage of unwary shoppers by stealing their personal information for identity fraud, stealing their passwords to online accounts, imitating legitimate shopping sites to steal money, or they could even divert payments that shoppers have made to legitimate vendors, says Hadjizenonos.

Making online payments more secure

Online retailers go to great lengths to make sure that payments are protected by using secure payment gateways, explains Hadjizenonos. These gateways handle the payment process on behalf of the retailer, ensuring that the retailer never has access to the customer’s card details or CVV number.

To provide an extra layer of security, trusted payment partners diligently monitor transactions for any signs of potential fraud. Most times, merchants will redirect online transactions to the customer’s bank app for manual authorisation, adding another level of protection.

“If you want to ensure that a website is trustworthy, look for a padlock icon and a URL that starts with ‘https’. These are indicators that the website is using a secure payment gateway and taking your security seriously,” says Hadjizenonos.

Using a virtual card can also make your online purchases more secure. “Nowadays, many banks provide virtual cards that automatically change their three-digit CVV regularly. These virtual cards offer greater security compared to physical cards. If a virtual card gets compromised, it is relatively easy to get a new one.”

Consumers should also subscribe to their banking app’s push notifications to be alerted to every transaction, no matter how small.

The risks around payments

Although there were initial fears regarding the risks associated with contactless payments in-store, the majority of these payments are secure. Nevertheless, malware could potentially target a Point-of-Sale system, functioning akin to a digital card skimmer. “Just like with online payment systems, retailers have the responsibility to ensure that they adequately protect and secure all in-store payment systems.”

While payment gateways secure online transactions, phishing remains a major risk in online shopping, notes Hadjizenonos. “Fraudsters impersonate legitimate brands to deceive consumers. They send emails, instant messages, or other communications containing malware, links to fake websites, or requests for sensitive information. These attackers may take advantage of events like Black Friday by offering deals that seem too good to be true, creating a sense of urgency to trick victims into clicking through.”

Rogue mobile apps can also carry out phishing attacks. These malicious apps can mine your device for data or even install ransomware.

Phishing is not the only danger in online shopping. Some criminals deceive innocent shoppers by getting them to click on an advertisement that redirects them to a fake version of a legitimate website. “It is best to stick to websites that you are familiar with and trust. If you have any doubts, check the site carefully. Verify that the domain name matches the store you intended to visit, check social media reviews around the retailer, or you could even use a verification site like ScamAdviser,” he says.

“Another thing to watch out for is man-in-the-middle attacks, where sneaky individuals take control of wireless or proxy servers to manipulate your online activities, intercept transactions, or trick you in some way,” warns Hadjizenonos. “To stay safe, it is best to avoid using public Wi-Fi networks for any financial transactions. Stick to secure networks like the ones at home or your office. Do not forget to secure your home router with a strong password to keep it protected. And of course, keep your phone and laptop updated, patched, and properly secured to shield yourself from these kinds of attacks.”

Brush up on cybersecurity awareness

Because cybercriminals are increasingly sophisticated, consumers need cybersecurity education to understand what to look out for. To help shoppers understand cybersecurity best practices, Fortinet offers free cybersecurity awareness training. “It’s important to be cautious, understand how criminals could target you, and know how to mitigate risk,” Hadjizenonos concludes.