The NCSC encourages small retailers to protect their customers from cyber criminals over Black Friday and this key shopping period leading up to Christmas.
The National Cyber Security Centre (NCSC) is urging small retailers to safeguard their customers and profits from cyber criminals and the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.
Skimming entails exploiting vulnerabilities in software employed at the checkout page on shopping sites to divert payments and take details of unaware customers.
The NCSC – a part of GCHQ – proactively detected 4,151 at threat online shops up to the end of September and notified retailers of these security weaknesses.
Most online shops exploited for skimming detected by the NCSC had been compromised through a known vulnerability in Magento, a popular e-commerce platform.
Retailers have been warned they must make sure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, such as moving businesses from the physical to the digital.
Preventing cyber criminals
NCSC Deputy Director for Economy and Society Sarah Lyons said: “We want small and medium-sized online retailers to know how to prevent their sites from being exploited by opportunistic cyber criminals over the peak shopping period.
“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage.
“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.”
Black Friday threats
The Chancellor of the Duchy of Lancaster Steve Barclay added: “On Black Friday and Cyber Monday, the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps.
“It’s critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium.”
British Retail Consortium Assistant Director for Consumer, Competition and Regulatory Affairs Graham Wynn explained: “Skimming and other cyber security breaches are a threat to all retailers.
“The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period.
“The Cyber Resilience Toolkit for Retail, produced in partnership with NCSC, is available on the British Retail Consortium’s website for retailers to consult and boost cyber defences.”
Active Cyber Defence programme
The at-risk shopping websites were detected by the NCSC’s Active Cyber Defence programme, which aims to eliminate malicious websites and scams from the internet before causing harm to the public.
The NCSC has monitored shops since April 2020 and circulated warnings to site owners and SMEs about their software being up to date.
With more businesses utilising technology and e-commerce than ever before, it has never been more crucial to think about online security.
Individuals should visit ncsc.gov.uk for clear guidance on the steps to take to protect their accounts and devices from being targeted by cyber criminals.