The National Cyber Security Centre (NCSC) has issued refreshed guidance for online shopping ahead of this week’s Black Friday.
The NCSC said that cyber-criminals are seeking to exploit an increased number of online shopping transactions in the run-up to Christmas and anticipated that consumers may slightly lower their guard during the rush to bag the best deals.
The advice includes:
- Being selective about where you shop
- Only providing necessary information
- Using a secure, protected payment method
- Keeping your accounts secure
- Identifying suspicious emails, phone calls and text messages
- What to do if things go wrong
As part of its ongoing work to protect the public from cyber-criminals, the NCSC’s takedown service, which is part of its Active Cyber Defence program, has removed 113,000 malicious URLs from fake online shops over the past 12 months. The NCSC is also supporting Action Fraud’s #FraudFreeXmas campaign following an increase in online fraud.
Sarah Lyons, NCSC deputy director for economy and society, said: “At this time of year our inboxes are filling up with promotional emails promising incredible deals, making it hard to tell real bargains from scams. We want online shoppers to feel confident they’re making the right choices and following our tips will reduce the risk of giving an early gift to cyber-criminals.
“If you spot a suspicious email, report it to us or if you think you’ve fallen victim to a scam, report the details to Action Fraud and contact your bank as soon as you can.”
According to a recent blog by Digital Shadows, risks to brand reputation accounted for 45% of the alerts it sent to retail clients, second only to data leakage risks. “As we have seen before, cyber-criminals love creating phishing pages and fake social media accounts to mislead users into exposing their login credentials, personally identifiable information (PII) or payment card data,” said Kacey Clark, security researcher at Digital Shadows.
“For example, a threat actor may deploy a phishing campaign that targets a specific retailer’s customers. When customers receive emails that appear to be legitimate, they may be urged to click on malicious links or open malware-laced attachments, giving way to potential financial or credential compromise or malware propagation.”
Digital Shadows also said that roughly 30% of the retail risks identified throughout its recent reporting period involved the impersonation of domains, phishing sites and phishing attempts.
“As found in our previous research on the phishing ecosystem, out of over 100 advertisements for pre-built phishing pages and templates on cyber-criminal forums and marketplaces, 29% specifically targeted retail and e-commerce organizations,” Clark said.
“These were sold for an average of $20.43. In the same breath, we also found that the cheapest phishing page templates were for some of the biggest online brands, including retailers and social media sites, averaging between $2 and $3.”