Black Friday sales are on. With savings of up to hundreds of dollars up for grabs and Covid-related worries still hampering brick-and-mortar shopping, consumers are flocking to online retailers. And so are opportunistic cybercriminals. That is why the National Cyber Security Centre (NCSC) has issued a warning to retailers to make sure their websites don’t become Black Friday cyber traps.
Thousands of Retail Websites Hacked
In a guidance note issued on Monday, the UK’s National Cyber Security Centre (NCSC) said it has notified over 4,000 small businesses whose customers’ payment details were being stolen. Cyber experts have revealed that hackers are exploiting a known vulnerability in a popular e-commerce platform called Magento.
Worldwide, people have downloaded this open-source software more than 2.5 million times. Retailers use its drag-and-drop tools to quickly and easily create modern-looking online stores. Unfortunately, many retailers haven’t patched their software yet, despite earlier warnings. Therefore, the NCSC is urging small and medium businesses to take urgent action now.
If the software is left unpatched, opportunistic cybercriminals can exploit the vulnerability to skim credit card details and steal personal information from unsuspecting customers, and even divert payments to their own pockets. “It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” said the NCSC.
NCSC Actively Monitors Shops
The compromised shopping websites were identified by the NCSC’s Active Cyber Defence (ACD) program. The NCSC designed this ambitious project in 2016 to improve online security and remove malicious websites and scams from the internet before they harm the public. The ACD has monitored shops using Magento since mid-2020 and issued warnings to site owners and SMEs.
Since its inception, the ACD has been very transparent about its progress. It has also celebrated some big wins. Last year alone, the ACD managed to take down over 70,000 online scams totaling 1.4 million URLs. Furthermore, the ACD played an important role in responding to the SolarWinds Orion compromise.
“With more businesses using technology and e-commerce than ever before, it has never been more important to think about online security – whether IT is managed in-house or by an external service provider,” explained the NCSC.
Black Friday Heyday for Cybercriminals
Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday. “On Black Friday and Cyber Monday hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps,” warns the NCSC.
The NCSC also reiterated advice to consumers on how to shop safely online. Some basic tips include:
- Always install the latest software, patches, and app updates, and keep your account secure, for example by using strong passwords.
- Type the shop’s URL into your browser window yourself. Avoid clicking through from a link you’ve received via text or a Facebook feed.
- Be extra aware of online scams, phishing emails, and suspicious messages (including so-called delivery updates!).
- Don’t store your credit card details on the website. Keep an eye on your bank accounts and look out for unrecognized payments.
Unfortunately, it’s not just faceless hackers that consumers should be concerned about. Some websites themselves are riddled with big data collection programs that track customers’ every move. VPNOverview took a critical look at the privacy policies of the ten most popular Black Friday and Cyber Monday webshops. We also checked exactly what kind of information they’re storing. You can read the full article here.