South African consumers heading into the peak December shopping season face a new breed of cybercriminal armed with artificial intelligence tools that can clone websites, mimic voices, and craft hyper-personalised scam messages at unprecedented scale.
Richard Ford, Group Chief Technology Officer at Integrity360, warns that this year’s holiday scams will look dramatically different from the clumsy, generic attacks consumers have learned to recognise.
“Where cybercriminals once relied on generic, clumsy scams, AI now allows them to create highly targeted, incredibly realistic attacks in minutes,” Ford explains.
The expert points to a fundamental shift in how fraudsters operate, moving from one-size-fits-all approaches to sophisticated, personalised lures that exploit the festive season’s mix of distraction and excitement.
“Instead of a generic ‘Your package has been delayed,’ an AI-powered message might now say, ‘Hi [Your Name], there’s an issue with the [Product You Just Bought] from [Retailer Name] scheduled for delivery to [Your Suburb],’”
Traditional fake shopping websites were often easy to spot due to poor design, blurred images, or obvious grammar mistakes. Today’s AI-powered scams eliminate those telltale signs. Generative AI can now create pixel-perfect clones of legitimate retail websites in minutes, complete with social media advertisements crafted to target specific interests and demographics. These sophisticated fakes might reference products recently browsed by potential victims or use language that resonates with particular consumer groups, making them far more convincing than their predecessors. Ford advises consumers to scrutinise website URLs carefully, ensuring they start with ‘https://’ and remaining deeply skeptical of deals advertised on social media that appear drastically cheaper than elsewhere.
The classic phishing scam – fake courier notifications or bogus bank alerts designed to create urgency – has received a dangerous AI upgrade. Instead of generic messages about delayed packages, AI-powered attacks now deliver highly personalised communications referencing specific purchases, delivery addresses, and even suburb details scraped from previous data breaches or social media profiles.
ALSO READ: Ho-ho-hold on: Don’t let scammers steal your festive joy, City warns | TygerBurger
“Instead of a generic ‘Your package has been delayed,’ an AI-powered message might now say, ‘Hi [Your Name], there’s an issue with the [Product You Just Bought] from [Retailer Name] scheduled for delivery to [Your Suburb],’” Ford illustrates.
This personalisation dramatically increases the likelihood that recipients will click without thinking, making these scams far more effective than their generic predecessors.
Deepfake voice scams target families
Perhaps most concerning is the emergence of deepfake technology in voice-based scams targeting family relationships. AI voice-cloning technology can now use small audio samples from social media videos to create convincing fake audio messages from children or partners claiming emergencies and requesting urgent money transfers. Ford recommends establishing “safe words” with family members for emergency verification and always calling back on usual numbers to confirm distressing messages before taking action.
Despite the sophistication of AI-powered threats, Ford emphasises that fundamental cyber safety practices remain the strongest defense. For smart shopping, consumers should verify website legitimacy, look for secure URLs, check independent reviews, and use credit cards or secure digital wallets rather than debit cards for online purchases. Public Wi-Fi networks should never be used for entering payment details, and social media ads offering deals that seem too good to be true require extra scrutiny.
“Good cyber safety isn’t about being a technical expert. It’s about cultivating a healthy dose of skepticism. Pausing before you click, verifying before you send money, and questioning urgency are simple habits that can defeat even the most sophisticated AI-driven scams,”
The increasing popularity of digital gift cards, e-wallets, and online transfers creates additional vulnerability points during the festive season. Ford advises double-checking all account details, never sharing voucher numbers, one-time pins, or passwords, and only purchasing digital products from official retailer websites or apps. Banking security measures should include enabling two-factor authentication and setting up transaction alerts for immediate notification of all account activity.
The holiday season’s influx of new phones, tablets, smartwatches, and connected home devices requires careful attention to security before network connection. Ford recommends treating new devices “like potential Trojan horses until proven secure,” emphasising the importance of changing default passwords, installing updates, reviewing privacy settings, and installing reputable security software.
Despite the technological sophistication of modern scams, Ford believes informed consumers remain the most powerful defense against cybercrime. “Good cyber safety isn’t about being a technical expert. It’s about cultivating a healthy dose of skepticism. Pausing before you click, verifying before you send money, and questioning urgency are simple habits that can defeat even the most sophisticated AI-driven scams,” he concludes.
The warning comes as South Africa’s online shopping sector experiences significant growth, creating expanded opportunities for cybercriminals targeting distracted holiday shoppers.
