Be Warned: Your Black Friday deal could be a deepfake scam

WITH Black Friday just weeks away and International Fraud Awareness Week (November 16–22) on the horizon, South African consumers are being urged to brace for an unprecedented wave of high-tech scams.

RCS, a leading retail financial services provider, has issued a warning: Fraudsters are deploying increasingly sophisticated tactics — including AI-generated deepfakes, near-identical fake websites, and QR code-based phishing schemes — to exploit the shopping frenzy.

According to Melanie Botes, chief information officer (CIO) at RCS, this year’s scams are not only more convincing but also designed to capitalise on the urgency and excitement that typically surround major retail events like Black Friday. “Criminals are constantly refining their methods, often using advanced technology to make schemes look and sound more legitimate than ever before,” Botes said. “The scams consumers are facing today are far more convincing than those of even a year ago, which is why constant vigilance is so important.”

The warning aligns with data from the Association of Certified Fraud Examiners South Africa (ACFE SA), which notes a consistent spike in fraud during peak shopping periods. While traditional threats such as card skimming and email phishing remain prevalent, scammers are now leveraging cutting-edge tools that blur the line between real and fraudulent.

Botes outlined four key areas where fraud is rapidly evolving:

• AI-Powered Fraud: Artificial intelligence now enables criminals to create hyper-realistic deepfake videos, voice notes, and emails that impersonate trusted brands or individuals. “This makes impersonation scams – such as fake product launches or limited offers – far harder to detect,” Botes warned.
• Fake Websites and Online Stores: Fraudsters are crafting “spoofed” sites that mirror legitimate retailers with alarming accuracy. “The URL often contains subtle misspellings, like ‘rc$.co.za’ instead of ‘rcs.co.za’,” Botes said. “There are also phantom stores advertising unbelievable bargains, only to disappear once payments are made.”
• Phishing, Smishing, and Quishing: Beyond email, scammers are now using SMS (smishing) and QR codes (quishing) to trick consumers. “Consumers are being targeted with fake courier messages, account verification requests or QR codes that link to malicious sites designed to steal login details or install malware,” Botes cautioned.
• Social Media Scams: As social commerce booms in South Africa, unverified influencers and fraudulent ads on platforms like Facebook and Instagram are luring shoppers with “too-good-to-be-true” deals that lead to counterfeit websites.

“These scams work because they tap into urgency, whether it’s a limited-time discount or an invitation to register for a ‘free’ giveaway or product hamper that asks for your details,” Botes said. “If something feels rushed or suspicious, take a step back and assess the validity of the situation before clicking or sharing any personal information.”

To help consumers navigate the digital minefield, RCS released a comprehensive safety checklist:

• Be sceptical of bargains: If a deal seems unrealistically good, it likely is. Always cross-check prices on official retailer sites.
• Verify websites: Look for the padlock icon and “https://” in the URL, and scrutinise for subtle misspellings.
• Type, don’t click: Manually enter retailer web addresses instead of clicking on links from emails, social media, or text messages.
• Use secure payment methods: Opt for your RCS Store Card or a virtual credit card rather than EFTs. Avoid wire transfers, cryptocurrency, or gift cards.
• Protect personal details: Never share your PIN, CVV, or one-time passwords (OTPs). Legitimate companies will never request these.
• Use strong, unique passwords and enable multi-factor authentication.
• Don’t save card details on e-commerce sites. If available, use virtual cards with rotating CVVs.
• Beware of social engineering: Treat urgent or unexpected messages — especially those with QR codes or delivery alerts — with caution.
• Leverage bank security tools: Set lower transaction limits to cap potential losses.
• Avoid public Wi-Fi unless using a trusted VPN, and keep all devices and software updated.
• Monitor accounts regularly: Review statements within 48 hours of purchases and report anything unusual immediately.

RCS also advised consumers to minimise their financial exposure by reducing the number of open credit or retail accounts. “Fewer accounts mean fewer risks.” For its customers, a single RCS Store Card — usable both in-store and online across a wide network of major retailers — offers convenience without expanding the fraud surface.

Get the real story on the go: Follow the Sunday Independent on WhatsApp.