Wednesday, 30 November 2022

Make sure your staff know to exercise online shopping caution

With the lines blurring between our digital lives at home and at work and many devices being used for work and personal use, the need to educate staff about seasonal cyber-security dangers has never been more important.

With Black Friday and Cyber Monday sales bombarding our inboxes recently (and some still ongoing), cyber security experts are warning of increased cyber threats this festive season, with hackers and cyber criminals seeking to exploit the Football World Cup and online shoppers in the lead-up to Christmas.

A triple whammy of cyber exploits

Given that the lines between our digital working and home lives have become so blurred, with many devices being used for personal and work tasks, it’s more important than ever that organisations ensure that their staff are aware of the potential risks.

Cyber security researchers have already uncovered thousands of scams seeking to take advantage of the interest in the FIFA World Cup in Qatar. The Digital Shadows Photon research team(1) has identified a shocking number of World Cup-themed exploits. These include brand protection issues, cyber threats and data leakages. Over 170 domains were found which impersonated official World Cup sites, many of them phishing websites designed to steal victims’ data.

In addition, the team identified 53 malicious apps that had been developed to exploit global interest in the football tournament. These apps were designed to steal data and credentials and download malware payloads. Further, the team found evidence of social media pages designed to spread dubious affiliate marketing or pyramid scams.

Christmas shopping is even more difficult this year

At the same time as facing increased cyber security activity around the World Cup, cyber security experts have warned about increased cyber criminal activity in the run up to Christmas. The UK’s National Cyber Security Centre(2) (NCSC) has reported that victims of online shopping scams last year lost an average of £1,000 per person.

It cites a report by Action Fraud which found that people had fallen victim to scams on seemingly reputable social media accounts, on websites and on online shopping sites. The NCSC(3) has warned that the desire to find bargains when shopping online feels even more pressing this year, with many people struggling with household budgets in the current economic climate.

It says, “…when millions of customers – many of whom will be tightening their belts – are looking for the best deals, we know that fraudsters will have bargain-hunting shoppers in their sights.”

Cyber security recommendations to share with staff

To help protect your staff from falling victim to this kind of cyber activity, NCSC makes a number of recommendations.

#1. Choose carefully where you shop

Research online retailers, particularly if you haven’t purchased from them before. Read feedback from people or organisations that you trust.

#2. Practise good password security

Protect your online shopping accounts with good password security, choosing strong passwords, not duplicating passwords and setting up two-step verification where possible.

#3. Pay with a credit card where possible

Most major credit card providers protect online purchases and are obliged to give you a refund if things go wrong. Plus, if your payment details are stolen, your main bank account won’t be directly affected.

#4. Don’t share more details than absolutely necessary

You should only fill in the mandatory details on a website when making a purchase. Don’t make an online account unless you use that store regularly. And don’t allow the website to store your payment details for next time. Never pay by direct bank transfer.

#5. Stay alert for suspicious activity

Cyber security awareness training can help to raise staff awareness about cyber threats. By understanding the tell-tale signs that something isn’t legitimate, staff can make better decisions about opening links or emails.

#6. Report it when things go wrong

If you see what you think is a scam email, app or website, report it to the NCSC. Last year, the British public made 6.5 million reports to the suspicious email service and, as a result, 62,000 scam websites were taken down.

It’s easy to click on the wrong link when your attention is elsewhere, so it is important to keep cyber security a priority during this busy time of year, and reminding staff of this can be really helpful. Always stay on your guard and exercise caution when sharing any details online.

What now?

If you’d like to discuss how you can raise cyber security awareness throughout your team, please get in touch. We have a number of solutions that can help.

Call us: 0808 164 4142 or message us online.


Sources:

1. https://www.computerweekly.com/news/252527152/Cyber-criminals-have-World-Cup-Qatar-2022-in-their-sights

2. https://www.ncsc.gov.uk/news/festive-shoppers-urged-to-be-cyber-aware

3. https://www.ncsc.gov.uk/news/ncsc-and-law-enforcement-encourage-vigilance-when-shopping-online-this-christmas