Scammers are coming for you this Black Friday, Thanksgiving, Xmas or whenever
A week or so ago, I did something that I had managed to avoid forever: I responded to a phishing email. Yes, dear reader, I clicked on one of those malignant URLs that intended taking me somewhere far worse than the courier website I thought I was about to visit. In this instance, my saving grace was one of those usually dreaded “404 Page Not Found” messages.
Phishing, smishing go exponential
The sheer number of phishing (by email) or smishing (by text message) scams means there is a high probability that you or I will accidentally click on a dodgy link. Whether or not we get scammed from that point is a mixture of luck and awareness. In this case, I was lucky because the link was broken. Had the link taken me to a functioning page, I may well have been telling a different tale entirely.
I was expecting a package from the very courier that the phishing email was masquerading as. This is exactly what the scammers bank on; they buy previously hacked email or mobile phone lists and then simply spam the whole list in the hope that one in a thousand are expecting a package, and that one in every 10000 actually follows through by visiting the fake URL. The only way to stay safe in the virtual world is to adopt a default “why are they asking this” posture whenever you encounter a request for action or information online.
The massive spike in online buying activity around Black Friday has set the alarm bells ringing at financial services providers and online retailers. Need proof, just try and log into your banking application; you can expect a warning about the latest scam to flash up before you reach the home screen. As a financial journalist, my inbox has been inundated with warnings too. This week, consumer finance business RCS shared a presser warning that criminals were turning to AI-generated deepfakes and near-perfect cloned links and websites to con us.
Black Friday ups the online buying ante
Their message overlapped with both Black Friday and the International Fraud Awareness Week, running from 16-22 November this year. Melanie Botes, RCS Chief Information Officer, said criminals were combining speed, urgency and technology to make fraud harder to spot.
“Criminals are constantly refining their methods, often using advanced technology to make schemes look and sound more legitimate than ever before,” she said. “The scams consumers are facing today are far more convincing than those of even a year ago, which is why constant vigilance is so important.” And the criminals are relentless.
The courier I mentioned earlier has dedicated a page on its website warning customers of criminal activity linked to its brand. And even as I was typing this paragraph, my phone pinged with an unrelated SMS that urged me to claim my Sasol points before they expire. The common threads in these scams include familiarity, financial benefit and urgency, alongside an illusion of authority and a prompt to act. Scams look legitimate, feel time-sensitive and offer something small but convincing, before steering you to the action that criminals need you to take.
New approaches to financial crime
Scammers are increasingly deploying new tools and approaches. RCS was kind enough to share four examples that are prevalent at the moment. First and foremost, the rise in AI-powered fraud. According to Botes, advances in artificial intelligence (AI) are enabling fraudsters to create super-realistic deepfake videos, voice recordings and emails that mimic trusted brands or individuals.
A brief Google search flags countless examples of deepfake videos of celebrities punting dodgy investments, often via unregulated firms making false claims about compliance. In the past, the Financial Services Conduct Authority (FSCA) has issued warnings about scams that were using deepfake videos of Cyril Ramaphosa, Patrice Motsepe, Paul Mashatile and media figures like Leanne Manas to endorse unrealistic “guaranteed return” schemes.
Your writer has also heard of similar scams using AI-generated video of tech billionaire Elon Musk and retail mogul Rupert Ackerman to promote a questionable financial opportunity. And it gets worse. Hardly a day goes by without the FSCA issuing a warning about criminals who clone reputable financial brands to con their victims. In its latest Regulatory Actions Report, the conduct regulator said it issued 107 public warnings for the period 1 April 2024 to 31 March 2025. The tally for the current financial year will likely be much higher.
Fake websites and online stores are the second feature that RCS is concerned about. “Spoofed websites that look almost identical to legitimate retailers are on the rise,” Botes said. “The URL often contains subtle misspellings, and we often encounter phantom stores advertising unbelievable bargains, only to disappear once payments are made.” As an extreme example, imagine visiting and completing a purchase on Takeal0t.co.za instead of Takealot.co.za. The difference, a zero in the first URL.
Beware the compromised QR
The third connected crime phenomenon raised by RCS is the one we used to introduce this write-up, but with an added twist. You can add quishing to the aforementioned phishing and smishing scams. In these attacks, bad actors either generate entirely fake QR codes that send you to malicious sites, or they tamper with the URL embedded in a legitimate QR code so that scanning it redirects you to a spoofed page.
Fourth, you need to be aware of the increasing popularity of social media scams. It is now common to encounter influencers who promote unrealistic ‘specials’ on platforms such as Facebook and Instagram, directing consumers to counterfeit websites.
“These scams work because they tap into urgency [through] limited-time discounts or invitation to register for ‘free’ giveaways or product hampers that asks for your details,” explained Botes. “If something feels rushed or suspicious, take a step back to assess the validity before clicking on a link or sharing any personal information.”
As if pre-ordained, another scam landed in my inbox to assist with concluding this op-ed. This time from a sketchy clone masquerading as the official site of another domestic courier. Aside from the fact I have no parcels inbound, the giveaway was that the email had been sent to ‘undisclosed recipients’, a classic sign that a message is part of a phishing scam. If this was an email about a unique, personal parcel, why would they send it to a long list of unknowns? There was also an indication that some cash would be needed to secure the release of the parcel. Duh.
Do not become a victim
RCS offered some common sense advice to help avoid becoming a victim of an online scam. You should be sceptical of deals that look too good to be true, and always check that you are on a genuine company website by typing the address yourself rather than clicking on an embedded link in an email or SMS. The financial services firm suggests using secure methods like virtual cards to settle online transactions, and you should avoid paying using crypto, EFTs, gift cards or wire transfers.
As a rule, you should keep your personal information private; use strong passwords for your digital accounts; enable multi-factor authentication wherever possible; and avoiding saving debit or credit card details online. And remember, a bank or online retailer will not ask for your PIN or OTP. Never disclose these numbers to call centre staff, and never enter them online. You should be extra cautious of unexpected parcel delivery alerts, QR codes or urgent messages, and always enable your bank’s security tools such as low limits and real-time notifications.
You are your best defence
And finally, keep your devices updated and check your bank statements regularly so you can spot suspicious activity early. “The most powerful line of defence is always an informed and vigilant consumer; by understanding the risks and applying simple precautions, you can enjoy Black Friday deals without fear,” Botes concluded. She would like to see fraud prevention become an everyday financial habit, saying that greater awareness among financial consumers make it more difficult for scammers to succeed.
Follow the writer on
LinkedIn: https://www.linkedin.com/in/gareth-stokes-media/
X: @stokesmedia
.png)
