Shopping safely online this festive season

New research has revealed that three-quarters of South African shoppers will stop buying from a brand if they fall victim to cybercrime while interacting with that brand online.
 
According to Mimecast’s Brand Trust survey, 83% of South Africans would lose trust in their favourite brand if they disclosed information to a spoofed website, while nearly three-quarters (73%) would stop spending money with their favourite brand if they fell victim to a phishing attack involving that brand.
 
“Retailers and e-commerce players are understandably excited at making the most of the upcoming shopping season, which kicks off with Black Friday and leads all the way up to the Festive Season,” says Heino Gevers, cybersecurity expert at Mimecast. “However, it is vital that brands protect their customers against cybercriminals, or they risk losing them.”
 
Cybercrime has been in overdrive in the last 18 months, with Mimecast researchers detecting sharp increases in all types of cyberattacks.
 
Data from Mimecast’s State of Email Security report earlier in the year, found that 38% of organisations saw an increase in brand impersonation via counterfeit websites, and 47% saw a rise in malicious email spoofing.
 
“South African consumers are increasingly looking to the brands they support to keep them safe while using their services online,” explains Gevers. “Our research found that 94% of consumers expect their favourite brand to ensure their services, including their website, the emails they send, and other communication, are safe to use. Eighty-nine percent of consumers believe it’s the brand’s responsibility to protect itself from fake versions of its website, while 87% said it’s the brand’s responsibility to protect against email impersonation.”

READ: Instagram Kids on hold over safety concerns
 
Mimecast’s threat hunting team also recently uncovered a scam involving national postal services across at least 26 countries, including in South Africa. They found the group of threat actors were using trusted postal services brands to trick consumers into sharing sensitive private and financial information, through phishing emails and spoofed web pages.
 
Ahead of the busy shopping period it’s likely that scammers will only ramp up campaigns like this, with more people expecting deliveries as they make online purchases. Considering Mimecast research found that only 60% of respondents believe these organisations to be trustworthy - among the least trusted across all industries – they would do well to protect their brands and prevent a further breakdown of trust.
 
To combat these and other threats, organisations are increasingly using security solutions to keep their brands – and therefore their customers – safe online. Ninety-six percent of South African organisations either already use or plan to use an online brand exploit protection service, while 86% either are or plan to use DMARC, a tool that limits the ability of cybercriminals to hijack organisations’ email domains to launch attacks impersonating that company’s email.
 
“Campaigns around greater cybersecurity awareness are also essential in helping consumers protect themselves against cyber threats,” adds Gevers. “Simple practices can go a long way to limit cyberattacks and help make this Black Friday a safe experience for shoppers and brands alike.”
 
 
Here are some tips from Mimecast which will help consumers shop safely this season.

- Free WIFI is rarely secure - Since the workforce is mostly hybrid these days, it’s normal to connect to company systems via personal networks. Mimecast suggests keeping information - such as name, address and credit card details - safe by not connecting to public networks. These networks in public spaces such as shopping malls, coffee shops or airports, can be less secure and easier to compromise.

 - Never use the same password for everything - Always use a unique password across your different accounts. That way, if your password becomes exposed, it won’t compromise your other accounts, such as email, banking or anything work related. Use passphrases and make use of a password manager if you find it difficult to remember several complicated passwords.

- Assume all links are phishy – It’s become easy for criminals to impersonate well-known retailers by setting up fake sites that look remarkably like the real thing. Consumers are directed to malicious websites using pop-up ads or phishing links in marketing emails. Any legitimate Black Friday deal will feature on the retailer’s website so it’s better to go directly to the real site or use their mobile app.

- Deals don’t come in an email attachment - Cybercriminals can easily embed malware into email attachments and compromise your device when you open it. Retailers typically don’t send shoppers downloadable attachments, so think twice before opening anything and rather go directly to the retailer’s website or app. The last thing you want is to infect your own device with malware, or even worse be the person that brings down your company network.

READ: Black Friday: Tips to help you avoid being scammed

Image courtesy of iStock/ @Tero Vesalainen