Cybersecurity experts are warning consumers not to assume that every deal they chance upon online is legit.
| ShutterstockTechnology
Premium
Beware, it's Christmas for online scammers too
“It’s Black Friday” is the catchphrase on almost every retail outlet with a presence online. And to cut deals, Kenyans have flocked to websites to buy items at discounted prices as the Christmas season beckons.
In the process, many have left traceable details about their identities online, such as phone numbers and banking details, thus exposing themselves to internet scammers.
Cybersecurity experts are warning consumers not to assume that every deal they chance upon online is legit.
Online scams range from phishing and credit card theft to card-not-present fraud (when a card is not presented to a merchant for a visual check) and cryptocurrency swindles that benefit complex organised crime groups seeking to make illicit financial gains from unsuspecting victims.
Interpol’s African Cyber Threat Assessment Report, released in October this year, identified online scamming as the most frequently reported and most pressing cyber-threat on the continent.
The police agency’s member states reported a sharp increase in the number of online banking scams, including banking and credit card fraud.
The report cited Kenya as leading in online scams because many of its citizens, 83 percent, have access to the internet, followed by Nigeria (60 percent) and South Africa (56 percent).
Kenya ranks high owing to its widespread mobile money use, with mobile banking reported to play a major role in digital financial services fraud in the three countries and malicious apps being used to exploit increasing vulnerabilities.
“This threat seeks to target and take advantage of victims' fears, insecurities and vulnerabilities through phishing, mass mailing and social engineering,” the report says.
In his State of the Nation address on Tuesday, President Uhuru Kenyatta said the ICT sector growth rate stands at 25.1 percent, describing it as a prime mover of Kenya’s economic growth.
With this growth, experts warn that criminals will be looking to exploit the internet as more Kenyans shift to online shopping, banking, communication and transfer of data, especially now ahead of the festive season.
To be on the safe side, consumers should watch out for phishing in particular.
Internet security provider Kaspersky defines phishing as a bait that persuades users to take an action that gives a scammer access to their devices, accounts or personal information.
“By pretending to be a person or organisation you trust, they can more easily infect you with malware or steal your credit card information, social media log-in or your entire identity via your national identity card or Huduma number,” Kaspersky notes on its website.
Phishing is the most common online scam and can be facilitated by emails, SMSs, phone calls or phishing kits where victims unwittingly open malicious attachments or links.
They commonly occur in the form of pop-up messages and links that refer victims to a web page that appears similar to that of their bank.
Subsequent prompts make users change their password, unaware that they are passing on their credentials to a second party, who then gains unrestricted access to their emails and social media or bank accounts.
Phishing tricks victims into giving out credentials for their sensitive accounts such as email, intranet and bank details.
By the time victims realise they have been scammed, the fraudsters have already emptied their bank accounts, posted information on victims’ social media pages, stolen important data from emails and other valuable information by taking control of the accounts, and sent money to other accounts.
Many consumers do not realise that just a few pieces of information can give hackers access to multiple networks and accounts.
“By masquerading as legitimate users to IT support personnel, they grab your private details like name, date of birth or address. From there, it’s a simple matter to reset passwords and gain almost unlimited access. They can steal money, disperse social engineering malware and more,” Kaspersky adds.
So consumers should be wary. If the deal is too good to be true - as in the case of discounts, giveaways and other baits that motivate shoppers – they are advised to consider why the seller is offering a valuable item for little gain on their end.
“Be wary at all times because even basic data like your email address can be harvested and sold to unsavory advertisers,” Kaspersky warns.
Consumers are also advised to be wary of online retailers that insist on immediate payments for a product before they get it.
Beware of prompts that lead users to links that seem off, especially those that do not direct them to the company’s website.
Consumers should adopt safe online habits like avoiding using public Wi-Fi, checking privacy and security settings, deleting suspicious emails or attachments without opening them and using updated anti-virus software.
They are advised to apply multi-factor authentication for their online accounts, use strong passwords, avoid sharing personal details about themselves online like date of birth, location of residence and type of vehicle.
When making online payments, only do so using a secure payment service whose URL starts with https or use a known payment provider such as PayPal.
If you think you have been scammed, contact the retailer. If that does not help, contact your bank to reverse the transaction if it’s not too late but if the worst has come to be, report to your local authorities.
