The holiday season sees a significant surge in online shopping—and a corresponding spike in cybercrime. As festive spending increases, cybercriminals target online shoppers with holiday-themed scams that aim to steal money and sensitive data.
Users are encouraged to adopt the following best practices to keep their money and sensitive information safe during this period.
1. Enable Transaction Alerts and Monitor Accounts Proactively
Enable real-time SMS and email notifications for all transactions on your bank and mobile money accounts. This immediate visibility is your first line of defense.
Log in to your accounts directly (via official apps or websites) weekly to review activity. Relying solely on emailed statements can be risky, as they can be spoofed.
If you spot fraud, contact your financial service provider (bank or mobile money provider) immediately using the official phone number from their website. Follow up in writing.
2. Verify Online Sellers with Enhanced Vigilance
Fake e-commerce sites are rampant during holidays. To verify legitimacy:
Check for HTTPS: Ensure the URL begins with https:// (the 's' stands for secure) and shows a padlock icon. Never enter payment details on a site using only http://.
Scrutinize the Domain: Look for subtle misspellings of brand names (e.g., "amaz0n-deals.com" instead of "amazon.com").
Research the Seller: Search for reviews beyond the site itself. The lack of a physical address, contact details, or a clear return policy is a major red flag.
3. Stay Vigilant Against Phishing
Holiday-themed phishing emails and SMS (smishing) impersonate deliveries, charities, or friends in distress.
If you receive a message about an unexpected order or a plea for help from a contact, do not use the link or number provided in the message. Contact the company or person through a known, official channel.
Never share One-Time Passwords (OTPs), passwords, or PINs with anyone. Legitimate organizations will never ask for these.
4. Avoid Public Wi-Fi for Transactions
Public Wi-Fi in cafes or malls is often unencrypted, allowing attackers to intercept your data. Use your personal mobile internet service provider for transactions, which is generally more secure.
If you must use public Wi-Fi, employ a reputable Virtual Private Network (VPN) that encrypts all traffic from your device. Ensure the VPN is from a trusted provider.
5. Recognize and Avoid Seasonal Scams
Be extremely cautious of offers that seem too good to be true—they almost always are. Avoid clicking on social media ads for such deals. Instead, navigate directly to the brand's official and verified website or social media pages to verify the promotion.
Scams involving urgent requests for payment, gift cards, or cryptocurrency are almost always fraudulent. Legitimate organizations do not demand payment this way.
6. Fortify Your Online Accounts
Enable multi-factor authentication (MFA) on every account that offers it, especially email, banking, and shopping accounts. Use an authentication app or a hardware security key for stronger protection than SMS-based codes, which can be intercepted.
Use a password manager so that each account has its own password. A password manager generates, stores, and autofills these credentials securely, eliminating the risk of password reuse—a primary cause of account breaches.
Ensure your device's operating system, web browser, and shopping apps are set to update automatically. Updates patch critical security vulnerabilities.
7. Report Suspicious Activity
If you are a victim of cybercrime or identify a malicious website or application/software, report it immediately. Your report helps protect others.
In the case of an incident, you can reach NCSA through the following platforms:
Email: info@ncsa.gov.rw
Toll-free: 9009
Social media: LinkedIn and Facebook: National Cyber Security Authority