The National Cyber Security Centre (NCSC) wants to start a cyber chat with people before they go shopping online this weekend. Brits are likely to spend over £3.5 billion in the next few days as they seek bargains online. The NCSC hopes its cyber chat will help reduce the risk of shoppers falling prey to Black Friday scams.
The cyber chat will take place on the NCSC Twitter feed (@NCSC). People are invited to submit their questions about cyber security. These will be answered by a number of VIPs that the NCSC is inviting to participate.
This is not just about Black Friday. The NCSC is also warning that from now until the end of the January sales, cyber criminals will be actively targeting shoppers and retailers.
Dr Ian Levy, the NCSC’s Technical Director, said: “We know that cyber security can seem like a daunting subject, but sharing knowledge today will protect your loved ones tomorrow. Staying safe online doesn’t require deep technical knowledge, and we want the whole country to know that the NCSC speaks the same language as them.
“It’s vital that knowledge is shared, and that’s why we’re encouraging everybody to have a cyber chat. With so many of the UK shopping online, we want to see these tips shared from classrooms and scout groups to family dinner tables and old people’s homes.”
Seven tips from the NCSC
The NCSC has also issued seven tips to help keep online shoppers safe. They are:
- Stay up to date: Install the latest software and app updates
- Secure your important accounts: Secure your important accounts, by having a strong and separate password on your email; turning on 2 Factor Authentication; and using a password manager.
- Shop smart: Don’t click on links in emails and text messages – if you see a deal that seems too good to be true, it probably is. Don’t be pressured into taking a fantastic deal without thinking it through. There’s probably a reason why it’s so much cheaper than other websites. Don’t follow a link in an email, instead type the shop’s website address manually into your address bar or find the website through your search engine (e.g. Google, Bing). Shop on sites that you trust.
- Avoid oversharing: Don’t give away too much information at the checkout – no one need’s to know your mother’s maiden name or inside leg measurement! Only fill in the mandatory details (usually marked with an asterisk*) when making a purchase. If you can avoid it, don’t create an account on a new site unless you’re going to use that site a lot in the future.
- Don’t panic: Don’t panic if you think you’ve been a victim of fraud
- Review accounts: Keep an eye on your bank and credit card systems
- Secure your gadgets: Secure any smart gadget’s you’ve bought
Retailers need to do their bit
While the emphasis here is on helping shoppers stay safe, retailers also need to take more responsibility. The use of third party services has led to several online breaches recently. In all cases, the cyber criminals got away with personal and payment card data. This leaves shoppers heavily exposed to attack. Retailers such as British Airways, Ticketmaster and, just this week, Vision Direct and Amazon have all been affected.
As shoppers hit stores looking to save anything they can, many will rely on the security of the websites that they connect to. Even paying attention to the padlock at the top of the page or making sure it is HTTPS, does not protect data. Three weeks ago, Sectigo called out Google for weakening online protection for users.
All of this strengthens the case for the NCSC advice to shoppers. We will not get through the next four days without a retailer suffering a data outage or data breach. Between now and the end of the January sales, expect several breaches to become public knowledge. While a breach causes some problems for retailers, those suffering high-profile breaches have shown that they are not as business threatening as often thought.
What does this mean
Shopping online can be a minefield at the best of times. Fake sites, sites with very similar names but different extensions, phishing, unicode enabling site impersonation – these are all issues users have to deal with on the Internet every day. Once you combine that with the urge to bag a bargain, common sense often goes out the window.
It is not just about a user having their card details stolen and cloned. Many users reuse their online credentials. Using the same username and recycling passwords means that every time data is stolen, the risk to other sites that they frequent increases.
The recycling of passwords between consumer accounts and business accounts is a major problem for IT security teams. Over the next two months, IT security teams will need to be on their game to spot the use of stolen credentials.
One thing that companies could and should do is follow the example of the NCSC. Allow users to report when their personal credentials have been compromised. They could offer help with security scans of devices and how to setup fraud protection. It would also allow them to ensure users change their business passwords as well.
Well done to the NCSC for this cyber chat. It will be interesting to see what people ask.