Think cyber security when you shop before Christmas, urges the UK official National Cyber Security Centre (NCSC).
It points to figures from the police’s National Fraud Intelligence Bureau (NFIB) that victims of online shopping scams lost on average £1,000 per person in the weeks before Christmas last year. Scams included a shopper losing more than £150 trying to purchase a mobile phone on social media; another duped out of more than £7,000 during an attempted online camper van purchase; and another victim lost almost £500 when trying to buy shoes on a social media platform; and a loss of £145 trying to make a similar purchase.
The NCSC, a part of the UK Government intelligence agency GCHQ – is promoting its Cyber Aware campaign. It advises simple steps for shoppers to reduce their risk of suffering similar losses during this year’s Black Friday (November 25, to get delivery for December 25) and pre-Christmas.
NCSC CEO Lindy Cameron said: “Online shoppers will understandably be looking for bargains during the Black Friday and Christmas shopping period and we want them to do so safely. Sadly we know that criminals will look to exploit consumers at this time of year which is why good cyber security has such an important role to play.
“I would urge everyone to help us fight the scammers by following our Cyber Aware advice to set up two-step verification and use three random words passwords.”
Who?
The data suggests that the demographic most likely to fall victim to online shopping scams are those aged 19 to 25. Some 47pc of the victims were male and 41pc were female, as the remaining 12pc did not provide that info.
What to do
Anyone who think they have been a victim of fraud should contact their bank at once, and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040.
Comments
The cyber firm CybSafe offers security practices for safe Black Friday and Cyber Monday shopping:
Be on the lookout for malicious emails and texts: Criminals will use the days to spam people with malicious emails and texts related to deals and discounts. If you get one of these, check the address where the email or text is coming from. Does it look legitimate? If you get something you weren’t expecting, go online and look up the details of who you think the message is from.
Watch out for spoofed domains: Criminals will set up lookalike websites of legitimate brands in a bid to trick shoppers into handing over their financial information. Always double-check the URL of the websites you visit, and be cautious of links that come in through email, text, or that are promoted on social media. Use search engines like Google to navigate to websites on your terms.
Get cyber savvy: Learn about the techniques criminals use, and then think about what you can do to improve your security. For example, use multi-factor authentication on the online accounts that offer the service. Use strong, unique passwords. Use anti-malware and email security solutions, and always keep a backup of your important data. These behaviours will make you significantly more secure online.
Oz Alashe, CEO of CybSafe said: “The holiday period is not just a time for bargain hunters, it’s also a time for criminals to hunt for financial information, sensitive data and new victims. People need to know the threats, they need to understand what to do, and what to look for. By helping people with the right security behaviours, we’ll keep more people safe.”
Mike McLellan, Director of Intelligence at Secureworks, says: “Social engineering inevitably peaks around big events like Black Friday. People are online looking for time-sensitive deals and discounts and ready to spend their money – classic ingredients for a good phishing campaign. It’s easy for attackers to catch people when their guard’s down with a deal-themed email or delivery update scams – consumers are expecting to get this type of communication, so it’s not completely unsolicited. The time pressure of a great deal expiring stops people from doing their sense checks.
“While there is a spectrum, most campaigns are mass market and not sophisticated. Even so, it’s unreasonable to expect that consumers should always be able to spot these things. Do look out for the tell-tale signs of phishing – a company name or URL spelt wrong, spelling mistakes, out of date email templates, and so on. But in addition, pay attention to activity on your bank account and if in doubt about a transaction, contact your bank; avoid clicking on links; enable multi-factor authentication – such as fingerprint – where you can; and try to avoid downloading applications of software from unofficial sources (even if it does claim to be free!).”
And Dr Darren Williams, CEO and founder of data security and ransomware prevention product company Blackfog, says: “We live in a mobile first culture with most of us relying on our smartphones for everything including our holiday shopping, a recent report found that 64 per cent of people plan to do just that this festive season. And while we rely so heavily on our mobile devices, many give very little thought to protecting them from cybercrime.
“Unsurprisingly, cybercriminals are taking full advantage. Whether it’s using unsecured public Wi-Fi networks to spy on our web sessions steal identity and credentials, sending sophisticated phishing emails, hiding malware within applications or delivering payloads through malvertising, there is no doubt that our smartphones have become a popular target.
“Consumers must do what they can to stay ahead of cybercriminals. Modern technology such anti data exfiltration ensures that even if a consumer accidentally opens a phishing email, clicks on a malicious link or gets caught out by a fake ad promising the latest deal, hackers will not be able to compromise them or their device.”
The online security awareness trainers KnowBe4 have launched ‘holiday kit resources‘. Stu Sjouwerman, CEO, KnowBe4, says: “The world is slowly but surely returning to normalcy post pandemic, however for many of us, spending more time online especially when shopping and connecting with friends and family is the new normal. This presents more opportunities for social engineering attacks and for bad actors to exploit organisations.” Resources include:
Training Video: “Stay Safe for the Holidays”
“Holiday Scams to Avoid” Video
On-Demand Webinar: Critical Considerations When Choosing Your Security Awareness Training Vendor
Whitepaper: Obtaining and Maintaining Executive Support for Your Security Awareness Training Program
Digital signage, tip sheets.
Visit https://www.knowbe4.com/holiday-resource-kit.
