Guidance for retailers to prevent websites becoming Black Friday cyber traps
22 Nov 2021 01:34 PM
The NCSC encourages small online shops to protect their customers from cyber criminals over the key shopping period.
- National Cyber Security Centre notified over 4,000 small business sites whose customers' payment details were being stolen
- The UK’s cyber experts reveal that hackers are exploiting a vulnerability in popular e-commerce software
- SMEs urged to update software to avoid financial and reputational damage
Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.
The activity of skimming exploits a vulnerability in software used at the checkout page on shopping sites to divert payments and steal details of unsuspecting customers. The National Cyber Security Centre – a part of GCHQ – proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.
The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform.
Retailers are urged to ensure that Magento, and any other software they use, is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital.
NCSC Deputy Director for Economy and Society Sarah Lyons yesterday said:
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period.
“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage.
“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.”
The Chancellor of the Duchy of Lancaster Steve Barclay yesterday said:
"On Black Friday and Cyber Monday the hackers will be out to steal shoppers' cash and damage the reputations of businesses by making their websites into cyber traps.
"It's critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium."
British Retail Consortium Assistant Director for Consumer, Competition and Regulatory Affairs Graham Wynn yesterday said:
“Skimming and other cyber security breaches are a threat to all retailers.
“The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period.
“The Cyber Resilience Toolkit for Retail, produced in partnership with NCSC, is available on the British Retail Consortium’s website for retailers to consult and boost cyber defences.”
The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about keeping their software up to date.
With more businesses using technology and e-commerce than ever before, it has never been more important to think about online security – whether IT is managed in-house or by an external service provider.
Individuals should visit ncsc.gov.uk for clear guidance on the steps to take to protect their accounts and devices from the majority of online harms.