NCSC updates Black Friday guidance for safe shopping

The National Cyber Security Centre has issued refreshed guidance for online shoppers ahead of Black Friday and Cyber Monday.

The NCSC has updated its guidance for safe shopping ahead of Black Friday and Cyber Monday.

With just a couple of days to go until Black Friday, bargain hunters are being encouraged to prevent cyber criminals cashing in on the annual sales rush.

The National Cyber Security Centre (NCSC) – which is a part of GCHQ – has published refreshed guidance ahead of the big day, which is closely followed by Cyber Monday.

The festive period is a potentially lucrative time of year for cyber criminals, who anticipate that consumers may slightly lower their guards during the rush to bag the best deals.

The refreshed guidance includes a number of tips aimed at helping shoppers before, during, and after making an online purchase. It also includes advice covering secure payments to steps to take if things go wrong.

The guidance complements a wider campaign, #FraudFreeXmas, launched by Action Fraud, following a surge in reports of online fraud.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said:

“At this time of year our inboxes are filling up with promotional emails promising incredible deals, making it hard to tell real bargains from scams.
“We want online shoppers to feel confident they’re making the right choices and following our tips will reduce the risk of giving an early gift to cyber criminals.
“If you spot a suspicious email, report it to us or if you think you’ve fallen victim to a scam, report the details to Action Fraud and contact your bank as soon as you can.”

The advice, which can be found in full on the NCSC’s website, includes:

  • being selective about where you shop;

  • only providing necessary information;

  • using a secure protected payment;

  • keeping your accounts secure;

  • identifying suspicious emails, phone calls, and text messages, and;

  • what to do if things go wrong.

Helen Dickinson OBE, Chief Executive of the British Retail Consortium, said:

“With more and more of us browsing and shopping online, retailers have invested in cutting-edge systems and expertise to protect their customers from cyber-threats, and the BRC recently published a Cyber Resilience Toolkit for extra support to help to make the industry more secure.
“However, we as customers also have a part to play and should follow the NCSC’s helpful tips for staying safe online.”

As part of its ongoing work to protect the public from cyber criminals, the NCSC’s takedown service, which is part of its Active Cyber Defence programme, has removed 113,000 malicious URLs from fake online shops over the past 12 months.

These sites would collect victim credit card details and customers would either get counterfeit goods in return or no goods at all.

Earlier this year, the NCSC and the City of London Police launched the Suspicious Email Reporting Service (SERS), which received 2.3 million reports from the public in its first four months resulting in thousands of malicious websites being taken down. Members of the public who have received a suspicious-looking email over the holiday period should forward it to

More tips on protecting yourself and your family online can be found by visiting the government’s Cyber Aware website, which details six steps that will help protect against the majority of common cyber threats.


* Is your business cyber secure? Sign up for our FREE core membership and strengthen your resilience to online crime and cyber attacks.

Also check out our Trusted Partners and learn how they can boost your cyber defences through the Government-backed Cyber Essentials programme.


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.