PUNCH
Black Friday is one of the most anticipated global shopping events that has steadily gained traction in Nigeria; it draws millions of shoppers to both online platforms and physical stores every November and through the long holiday festive season.
This is understandable, especially at a time when economic conditions have strained personal finances. The promise of significant savings feels like an opportunity too good to miss. However, as attractive as these opportunities are, the Black Friday appeal also reveals vulnerabilities in consumer behaviour and the e-commerce ecosystem, making it a prime hunting ground for fraudsters. Reflecting on my experience in e-commerce and cybersecurity, I believe this event serves as a critical case study of how psychology and technology intersect to drive modern commerce and how cybercriminals exploit this same instinct.
Black Friday thrives on psychological manipulation. Vendors often use tactics like urgency, scarcity, and exclusivity to influence consumer behaviour. Phrases like “limited time only” or “few left in stock” are designed to create a fear of missing out (FOMO) and compel shoppers to act quickly under pressure. When items are presented as scarce or available for a short time, their perceived value increases, mainly to encourage impulsive decisions.
Similarly, framing deals as exclusive to certain groups, like loyalty members, VIPs, etc., often creates a sense of privilege that heightens the desire to buy. These tactics work because they appeal to human emotions just to bypass rational analysis and to encourage hurried purchases without proper scrutiny of the authenticity or necessity of the deal and products.
Unfortunately, the same psychological triggers that drive Black Friday sales also make shoppers vulnerable to scams.
Cybercriminals exploit the heightened shopping activity to target unsuspecting consumers with phishing scams. Most times, customers expecting emails or messages about discounts or delivery updates often unknowingly click on malicious links that redirect them to fake websites. These fraudulent platforms often clone trusted online marketplace platforms to trick shoppers into providing sensitive information such as login credentials, payment details, and personal data. The risks are compounded by pseudo-discounting, a deceptive practice where vendors inflate the original prices of items before the sale period to create the illusion of steep discounts. For example, a smartphone advertised as “50% off” may in reality be sold at its regular price or higher. This manipulates customers emotions to make purchases based on perceived savings rather than real value. Such tactics also undermine trust in Black Friday deals and highlight the need for better regulations and consumer awareness.
Humans are the weakest link in cybersecurity due to our emotions that can be manipulated easily, and scammers often exploit these known weak points. This is not just a theoretical phenomenon; I have seen firsthand how urgency and emotions cloud judgment. As a cybersecurity professional, I’ve observed consumers fall victim to phishing scams; for instance, last week, I encountered an email purportedly from Jumia advertising a Black Friday deal. On closer inspection, the link redirected to a fake website that replicated a popular online marketplace interface but was designed to steal user information. Scammers rely on the assumption that shoppers excited by the promise of discounts will not take the time to verify the legitimacy of links or messages.
Small and medium-sized enterprises , SMEs are particularly vulnerable during Black Friday; the surge in online traffic and transactions creates opportunities for hackers to exploit poorly secured websites and payment systems to steal customer data or divert payments to fraudulent accounts. Also, retailers rushing to meet Black Friday demand may also unknowingly source fake products from unreliable suppliers, damaging their reputation and eroding consumer trust.
Even big platforms face risks as high traffic volumes strain their systems, exposing vulnerabilities to cyberattacks. Due to this growing threat, many online platforms and vendors now send out regular disclaimer reminders to their customers that they will never request direct payments into a bank account or ask for customers banking details BVN, NIN, date of birth, card details, etc.). Even most Nigerian banks now send this regular mail. This is important because scammers often impersonate customer service representatives, requesting bank transfers for fake orders. While such measures are essential, they are not enough to fully address the issue. Many Nigerian shoppers still lack the knowledge to identify phishing attempts or verify the authenticity of websites, leaving them susceptible to fraud.
1 Comment