For one day a year (23rd November this year), retailers take advantage of consumers’ appetite to spend by offering “loss leader” deals, which they advertise broadly on email and social media. The purpose of these offers is to entice shoppers to retailers’ sites and stores and convince them to buy more than the too-good-to-be-true TV for R500. And cybercriminals know and take advantage of this.
There’s good news and bad news for Black Friday shoppers this year. The bad news is that cybercriminals are using new tactics that make it harder to spot fake deals. The good news is that with robust cybersecurity awareness training, an understanding of the new attack methods and sophisticated email security systems, consumers can protect their money and personal information, and businesses can better protect their sensitive data and systems.
Old dogs, new tricks
Black Friday is like Christmas for hackers. While you’re shopping for bargains, they’re shopping for your credentials, which they use to log into your Internet banking and other online accounts to steal your money. If cybercriminals have your login details, they can access your profile even on sites implementing good security practices. Criminals are hitting various online services with credentials in the hopes of a password and username being accepted as legitimate.
Black Friday grows every year in South Africa. Last year, sales increased by 2571% over 2016 as more retailers jumped on the bandwagon. This year will be even bigger, which means gullible and uninformed consumers – many of whom work for enterprises – are ripe for the picking. And chances are they aren’t aware of the new tactics being used against them.
Forget everything you know about cyber security
Ok, maybe not everything. But a lot of what we know about cybersecurity, and the tips and tricks that protected us in the past, no longer apply to some phishing attacks.
As we’ve already learnt, we’re often told to be suspicious of ridiculously cheap deals, but on Black Friday, ridiculously cheap is expected, so we’re not likely to question R500 TVs.
Another thing we’re told is to look for the green or black padlock on a website, or for the all-important ‘s’ in ‘https’ of the site’s URL. But we can’t even trust this anymore. That’s because cybercriminals can create or buy a real security certificate for their fake website in minutes. One site issued over 14,000 SSL certificates to “PayPal” sites – 99% of these were used for phishing fraud. So, while a fake website looks secure, it really isn’t.
So, what security advice is still valid?
- Look out for spelling errors in emails. While the days of phishing emails with dozens of grammatical errors are gone, many cybercriminals still deliberately include a few to filter out smart people and target those who are not paying attention
- Don’t click on links within emails. Enter the site’s address directly into your browser. If you can’t find the deal that was advertised in the email, warning bells should be ringing.
- Check the sender’s address. Takealot won’t send you an email from a Gmail account, they will use their domain.
- Be password smart. Don’t re-use passwords across multiple services
- Use two-factor authentication (2FA) wherever possible: This makes it harder (but not impossible) for criminals to use your username and password against you if your credentials have previously been stolen.
New and evolving attack methods
Cybercriminals increasingly use various forms of domain similarity– when they subtly change characters and words in URLs and email addresses to match a trusted organisation. These types of attacks often bypass certain email security systems because the sites and email senders aren’t known to be malicious.
To create lookalike domains, attackers often use non-Western character sets to display letters that look identical to the naked eye. Mimecast.com, for example, looks like мімесаѕт.com in Cyrillic. You might think we’re getting fancy with our font. We’re not. Combined with a legitimate certificate, it becomes much harder to spot a fake website.
This creates prime conditions for a successful phishing attacks: nearly half of all South African firms in a recent Vanson Bourne and Mimecast research report saw an increase in targeted spear phishing attacks using malicious links over the past year.
Quick tip: Check the URL carefully. A very long URL might be a sign that the website is fake. However, these are difficult to spot when browsing on a mobile phone, unless you scroll all the way. Rather check on your computer to be sure.
Stay safe in the wild
Consumers and businesses can stay safe this Black Friday.
- Be suspicious by default. Don’t trust any email and go straight to the retailer’s website instead of clicking on links.
- Create a separate email address when signing up for Black Friday alerts. Don’t use your work or personal email.
- Use a separate credit card for online purchases to limit your losses if you are attacked.
- Conduct regular security awareness training to ensure all employees have the awareness to spot potential cyber threats. Human beings are an organisation’s greatest cyber risk and its best defence against cybercrime. During high-risk periods such as Black Friday, unaware users could expose the organisation and their families to unwanted cyber risk. Focus on implementing effective, modern training techniques and create a human firewall around sensitive company data.
The threat landscape has evolved yet again. We can never let our guard down and we have to assume that we’re never completely safe – even if we have robust security systems in place. Apple CEO Tim Cook said recently that cyber resilience is like running on a treadmill. You can’t just stop. If you do, you’ll fall off and will probably get hurt.
Think of Black Friday emails as you would Black Friday crowds outside Checkers. When you’re distracted by the pushing and shoving, you’re not likely to notice the pickpocket until he’s made off with your wallet.
Stay alert. Stay safe. And happy shopping.
3D printed room-service? Visit the hotel of tomorrow
To mark its 100th birthday, Hilton predicts the trends that will change travel and hospitality in the next 100 years.
Intergalactic getaways, fast-food nutrient pills, 2-3 hour working days and adaptable, personalised rooms that can transport guests everywhere from jungles to mountain ranges. These are some of the predictions for the next 100 years that the Hilton hotel group has put together in celebration of its 100th anniversary.
In a report supported by expert insight from the fields of sustainability, innovation, design, human relations and nutrition, findings reveal the impact of the growing sophistication of technology and climate change on the hotel industry in the future.
Key predictions for the hotel of the future include:
Personalisation is King
- Technology will allow every space, fitting and furnishing to continuously update to respond to an individual’s real-time needs – the Lobby will conjure up anything from a tranquil spa to a buzzy bar, giving every guest the perfect, personal welcome
- From temperature and lighting, to entertainment and beyond, microchips under the skin will enable us to wirelessly control the setting around us based on what we need, whenever we need it
The Human Touch
- In a world filled with Artificial Intelligence, human contact and the personal touch will be more critical and sought after than ever
- Technology will free up time for hotel staff to focus on what matters most: helping guests to connect with one another and building memorable moments
‘Sustainable Everything’ – The Role of Responsibility
- Only businesses that are inherently responsible will survive the next century
- Sustainability will be baked into everything about a hotel’s design – from weather-proofed domes, to buildings made from ocean-dredged plastic
- Hotels will act as the Town Hall of any community, managing local resources and contributing to the areas they serve with community-tended insect farms and vertical hydroponic crop gardens
Menu Surprises and Personalisation
- Our diets will include more plant-based recipes and some surprising sources of protein – Beetle Bolognese, Plankton Pies and Seaweed Green Velvet Cake will be menu staples!
- Decadent 3D-printed dinners and room service will provide unrivalled plate personalisation
- Chefs will be provided with biometric data for each guest, automatically creating meals based on preferences and nutritional requirements
Futuristic Fitness and Digital Detoxes
- Outswim a virtual sea turtle in the pool, or challenge yourself to climb the digital face of Mount Everest, your exercise routine will be as unique as you are. What’s more, exercise energy generated from workouts will be used to power the hotel, providing a zero-impact, circular system. Guests could even earn rewards based on reaching workout targets
- Pick up where you left off with trackable workouts and holographic personal trainers
- Offline will be the new luxury as we seek to find moments of tech-free time
“Since its inception in 1919, Hilton has pioneered the hospitality industry, introducing first-to-market concepts such as air-conditioning and in-room televisions. Last year, Hilton also became the first hospitality company to set science-based targets to reduce its environmental impact,” said Simon Vincent, EVP & President, EMEA, Hilton. “We enter our second century with the same commitment to innovation, harnessing the power of our people and technology to respond to guest demands. Our research paints an exciting future for the hospitality industry, highlighting the growing importance of human interaction in an increasingly tech-centric world.”
Futurologist Gerd Leonhard said: “In 2119 we will still be searching for unique experiences, but they will be more personalised than ever. As technology shapes our lives we will seek out moments of offline connection with others, including hotel team members who will help us truly get what we need from our stays. 100 years from now hotels will have to create opportunities to converse, collaborate and connect, delivering moments that matter, individually, to each and every guest.”
Gadget ed to chair Digital Council
Specialist financial services provider Sasfin Bank has established a Digital Advisory Council to provide the market with industry-leading expertise and insights on trends shaping the use of technology in financial services.
Digitalisation is one of the most powerful forces for change shaping Finance today. This has turned Fintech into one of the most vibrant sectors in both information technology and among start-ups, generating billions of dollars in investment and development globally. The South African fintech space is dynamic, and Sasfin is playing a leading role in the transformation of local financial services and the resulting enhancement of customer experiences.
“We have been investing in fintech development in-house and acquiring or integrating fintech start-ups,” says Sasfin CEO Michael Sassoon. “Over the last year we have built further digital offerings, integrated via APIs into leading businesses and invested in fintechs. We built and launched B\\YOND, an innovative digital business banking platform and SWIP, a digital wealth and investing platform. We have invested in Payabill, an online SME lender and DMA, a digital trading platform. We recently announced our alliance banking relationship, leveraging open banking, with Hello Paisa to offer seamless banking to the unbanked. We feel that there is a huge opportunity to improve the experience of South African businesses and savers through using technology. We have therefore created an independent forum to assess how to even better improve financial services for South Africans by leveraging the digital economy.”
Arthur Goldstuck, founder of high-tech research consultancy World Wide Worx, editor-in-chief of Gadget, and a globally respected technology analyst has accepted Sasfin’s invitation to head up the Sasfin Digital Advisory Council, an independent think tank that will help Sasfin and its clients decipher the fintech present and future.
“The Sasfin Digital Advisory Council is broader than providing only the bank with a source of insight on how digital services are evolving and lessons from across the world,” said CEO Michael Sassoon. “Sasfin has been involved in fintech investing for many years and we are leveraging this experience as well as the experience of independent experts such as Arthur to provide insights and guidance to interested stakeholders in this space.”
The team appointed to the Digital Advisory Council is being selected for the breadth and range of knowledge they would bring to the table, with further appointments to the Council being announced soon. There will also be room for the Council to co-opt specialist expertise as it is required.
Goldstuck, who has been covering the fintech sector as an analyst, commentator and columnist for many years, says he sees the role as a welcome challenge.
“There has been a long-standing need for a clear understanding of the impact being made by fintech today, and the exponential change it will cause tomorrow,” said Goldstuck. “My role will be, partly, to curate the wide spectrum of fintech and digitalisation knowledge and insights that the members will bring to the Digital Advisory Council, and help create scenarios that businesses and policymakers may use to navigate the future – both inside and outside Sasfin.”