We’re supporting the NCSC's Cyber Aware campaign ahead of Black Friday and Cyber Monday and during the Christmas shopping period in a bid to make employees more alert to online shopping threats.
The Cyber Aware campaign is the Government’s flagship cyber security campaign, bringing together expertise from the NCSC as the UK’s technical authority on cyber security, Cabinet Office, DCMS, Home Office and law enforcement, including City of London Police, Action Fraud and partners.
As such, the Cyber Aware campaign, which has been launched prior to the peak Christmas shopping period, aims to ensure that citizens are empowered to shop safely and successfully online.
Along with the above-mentioned organisations, and as one of a network of Cyber Resilience Centre’s across England and Wales whose purpose is to guide and help businesses and their employees to understand and achieve better cyber resilience, we’re urging employees to protect their personal accounts, check before they buy, and use secure payment methods in order to stay ahead of the threat from criminals this shopping season.
Since April 2020, members of the public have reported over 15 million suspicious emails to the UK’s cyber experts, resulting in the take down of more than 184,000 online scams.
According to new data from the National Fraud Intelligence Bureau (NFIB), shoppers lost over £15 million to cyber criminals during the festive period last year, with an average loss of £1,000 per person. This year, the threat of this is made even more acute by cost-of-living pressures.
While businesses continuously work to ensure their internal systems are as secure as possible, we want to ensure your staff are as protected as possible on their personal accounts (or work accounts for that matter!) during the Christmas shopping period.
That is why we are working with Action Fraud and the NCSC particularly to advise your staff and help reduce their risk of suffering similar losses during this year’s Black Friday (November 25), Cyber Monday (November 28) and the following pre-Christmas period.
The messages we’re promoting are:
Protect your accounts: set up 2-step verification and use three random words passwords to prevent cyber criminals from gaining access to your shopping, bank or email accounts.
Check before you buy: Research online retailers, particularly if you haven’t bought from them before, to check they’re legitimate. Read feedback from people or organisations that you trust, such as consumer websites.
Pay securely: Use a credit card when shopping online, if you have one. Most major credit card providers protect online purchases and are obliged to refund you in certain circumstances. Using a credit card (rather than a debit card) also means that if your payment details are stolen, your main bank account won’t be directly affected. Also consider using a payment platform, such as PayPal, Google or Apple Pay. And whenever you pay, look for the closed padlock in the web address bar - it means your connection is secure.
Detective Sergeant Colin Ellis of the East Midlands Special Operations Unit (EMSOU), and Police Lead at the EMCRC, said:
“The figures quoted are astounding, that’s why we’re amplifying the messages and information about how staff and individuals can better protect themselves against fraud at this time of year.
"Be alert to deals which sound too good to be true – because they often are! Look out for phishing emails, and if something doesn’t look right, report it. Sadly, we will never rid the internet of fraudsters, but we can help ourselves and others to avoid becoming a victim to their fraudulent tactics.
“A business’s employees can be the barrier to fraud – but they need to know the signs of fraudulent activity in the first instance, and how to stay as safe as possible.
At the EMCRC, we offer Staff Awareness Training as an affordable service to businesses, and our free membership offers guidance, the latest cyber security and fraud updates and corporate risk assessments to check that you have everything you need to keep your cyber estate secure”
If you’ve received an email that you’re not sure about, forward it to the Suspicious Email Reporting Service (SERS) at firstname.lastname@example.org. If you've received a suspicious text message, forward it to 7726 (free of charge).
If you think you’ve been a victim of fraud, contact your bank immediately and report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040. If you live in Scotland, all reports of fraud and any other financial crime should be reported to Police via 101.