Why your festive shopping cart is a goldmine for cybercriminals

Criminals take advantage of rushed decisions, promotional hype and heavier internet use to steal personal data and money.

Fake online stores offering heavily discounted products are one of the most common traps. These sites often look legitimate, complete with professional layouts and countdown sales, but disappear once payments are made. Shoppers may only realise they have been scammed when goods never arrive, or their bank accounts are compromised. 

In South Africa, Mongezi Mpahlwa, a partner at law firm Cox Yeats, says the country is already seeing a sharp rise in cyberattacks. South Africa recorded more than 2,300 formally reported data breaches between April 2024 and March 2025, averaging about 200 incidents a month. That number has since climbed, with nearly 2,000 breaches reported from April 2025 to date, close to 300 cases every month.

“These attackers know people are distracted, shopping quickly and sharing payment details more often,” Mpahlwa said. “That makes the festive season a perfect hunting ground,” the Citizen quotes.

Government departments, hospitals, banks, retailers and telecoms companies have all been hit by ransomware attacks, data theft and extortion schemes. In some cases, cybercriminals have stolen massive volumes of sensitive information or disrupted essential services.

The average data breach now costs South African businesses about $2.6 million, while consumers lost more than $53 million in 2023 alone to digital banking and mobile app fraud. Industry figures show total cyber-related losses can reach $175 million a year, with online banking fraud and associated losses rising steeply.

Mpahlwa recommended verifying emails and messages before clicking links, shopping only on trusted websites, avoiding public Wi-Fi for payments, and reporting suspicious activity immediately.