The annual Black Friday and Cyber Monday retail security warnings have started to drop in the form of new guidelines from the National Cyber Security Center (NCSC) for retailers, as well as direct notifications to more. of 4,000 small business sites where the UK cybersecurity agency discovered that customer payment details were pending. stolen by online credit card skimmers.
The NCSC said that up to the end of September, its Active Cyber Defense (ACD) program had identified 4,151 online retail websites that unintentionally “hosted” credit card skimmers, who exploit software vulnerabilities. payment method to hijack payments and steal customer data.
Many of them have been compromised by a long-disclosed vulnerability in Adobe’s Magento product, which despite repeated warnings, many small businesses fail to update, either due to lack of IT capacity or ignoring.
“We want small and medium online retailers to know how to prevent their sites from being exploited by opportunistic cybercriminals during peak shopping times,” said Sarah Lyons, deputy director of economics and society at NCSC.
“Being a victim of cybercrime could leave you and your customers out of your pocket and damage your reputation. It’s important to keep websites as secure as possible and I urge all business owners to follow our advice and make sure their software is up to date.
Sarah Lyons, NCSC
Graham Wynn, Director of Consumer Affairs, Competition and Regulatory Affairs at the British Retail Consortium (BRC), added: “Skimming and other cybersecurity breaches are a threat to all retailers. The British Retail Consortium urges all retailers to follow the advice of the NCSC and check their preparedness for any cyber issues that may arise during the busy year-end period.
The NCSC’s complete guidelines on safely running a small business online can be found here. It also offers advice to consumers to better protect themselves when making virtual purchases.
The peak of the holiday of online fraud and digital crime against retailers and their customers – which begins in earnest this week before the Thanksgiving holiday in the United States on Thursday, November 25 – has now become such a century-old tradition in the community. of cybersecurity than the holidays themselves.
Kaspersky, for example, has already seen an increase in phishing attempts against users of online payment services, as well as multiple spam campaigns using Black Friday sales as a lure.
Check Point’s data group manager Omer Dembinsky said his systems are currently seeing more than 5,000 new malicious websites created every week, an increase of almost 200% from the 2021 average.
“Hackers are redoubling their efforts to lure consumers into fraud through ‘too good to be true’ offers, promising big discounts such as 80% or 85% off. Their strategy is to capitalize on a consumer’s enthusiasm after posting a mind-blowing discount. I strongly urge consumers to beware of these “too good to be true” offers when shopping online, ”Dembinsky said.
“You can protect yourself by being alert to similar areas, buying from trusted sources, and spotting password reset and other account-related notifications that show excessive urgency. Do not click on these links and, if necessary, go directly to the website and change your account details.