Ahead of the sales rush on Black Friday and Cyber Monday, the National Cyber Security Centre has issued tips to help consumers stay safe online.
The Centre hopes to enable shoppers before, during and after the sales to employ basic techniques to reduce the risk of fraud or cyber-attacks.
Sarah Lyons, NCSC Deputy Director for Economy and Society, said the festive period is a busy time for consumers and cybercriminals alike – with the latter preying on consumers who let their guard down in search of a bargain online.
“At this time of year our inboxes are filling up with promotional emails promising incredible deals, making it hard to tell real bargains from scams,” she said.
“We want online shoppers to feel confident they are making the right choices and following our tips will reduce the risk of giving an early gift to cybercriminals.
“If you spot a suspicious email, report it to us or if you think you’ve fallen victim to a scam, report the details to Action Fraud and contact your bank as soon as you can,” Lyons added.
An area of particular concern for the NCSC is the use of fake websites and phishing schemes.
“It’s worth doing some research on online retailers to check they’re legitimate. Read feedback from people or organisations that you trust, such as consumer websites,” the NCSC said.
The Centre said that while emails and texts about ‘amazing offers’ may appear tantalising, consumers should exercise restraint and always verify the legitimacy of correspondence.
Over the past 12 months, the NCSC has removed 113,000 malicious URLs from fake online shops through its Active Cyber Defence programme. Earlier this year, it also launched its Suspicious Email Reporting Service (SERS) alongside the City of London Police.
In the four months after launch, the service received more than 2.3 million reports, which resulted in thousands of websites being taken down.
Staying Safe Online
Mark Cunningham-Dickie, Cyber Incident Response Manager at Scottish Business Resilience Centre, described Black Friday as a ‘cybercriminal’s dream’ and warned that consumers must remain alert year-round when shopping online.
“As we have seen online promotions extended all the way through November in response to non-essential shops being forced to close across large swathes of the country, it is likely that over the coming weeks, we’ll see a correlating upswing in cyber-attacks,” Cunningham-Dickie said.
For businesses, the stakes are just as high and cyber-attacks pose a significant threat to firms of all sizes – so how can they prepare ahead of Cyber Monday?
Speaking to DIGIT, Cunningham-Dickie outlined the steps that businesses should follow to protect themselves and their customers.
Beware of fake customers
When liaising with customers by email, be aware of any attachments that may be included. Always look at the file extension of attachments and be extra cautious of .zip, .hta and .pdf files, and never run .exe files unless you were expecting them.
If you are ever unsure, give the customer a ring to verify that they have indeed sent you the email and if you are unable to reach them, save the file somewhere safe and run an antivirus scan over it. The extra time it takes is worth it to mitigate the risk of an attack bringing down your operation during such a crucial sales period.
More than ever, businesses need to be conscious of their IT security and be clear about the processes they have in place. At the very minimum, make sure that your website has a certificate to show secure communication as well as checking that your antivirus protection is up to date.
To take this a step further, consider getting your website tested by an ethical hacker. This can be a good exercise in identifying any weaknesses in the website and will mean that hackers can’t modify the price of products and that customer information and payment details are encrypted.
In the event that your business does suffer a cyber-attack, having completed this process will also help reduce any fines from the ICO.
Reduce the fallout of an attack
Should an attack take place, it’s worth limiting the impact of it by ensuring that you regularly back up your systems and by having a disaster recovery procedure in place.
The coming weeks will likely be the busiest time of year for many retailers, and backing up your data will mitigate the risk of losing data or orders if you do suffer an attack.
It will also mean you can resume operations faster, which will reduce the overall impact on your business operations.
Following an attack
If you do fall victim to a cyber-attack, it’s important to act as quickly as you can. There are many resources you can call on for support including the Cyber Incident Response Helpline which can provide free expert help. The helpline can also work with Police Scotland, where requested, to provide evidence against cybercriminals.
Should you believe that someone is impersonating your website or business, it is important that you contact 101 and report it as a crime. If your brand is copyrighted, you should also submit a DMCA Takedown notice to the hosting provider.