NCSC warns of sophisticated scams during Black Friday
The National Cyber Security Centre (NCSC) has issued a warning regarding the rising threat of sophisticated scams targeting consumers during the Black Friday and Cyber Monday shopping period.
Scammers are using advanced tactics to trick bargain hunters out of their money, with some frauds being crafted using artificial intelligence (AI), making them increasingly difficult to detect. The risk is faced not only by individual shoppers but also by businesses, which may fall prey to cyber-attacks in the midst of high-volume sales activities.
According to statistics, over 32,000 fraud and cybercrime reports were made to Action Fraud in November 2023. Notably, more than 3,500 of these reports were lodged by businesses, with financial losses amounting to £30.4 million.
Luke Dash, CEO of ISMS.online, expressed concern about the heightened risks during the Black Friday shopping period. "Brands are already promoting Black Friday and Cyber Monday sales, promising customers huge discounts and festive bargains. However, Black Friday also brings a heightened risk of cyber-attack for organisations. It offers a broader opportunity for cybercriminals, particularly with the increase in urgent and time-sensitive bargains offered by legitimate businesses," he stated.
Dash highlighted one of the primary vulnerabilities being exploited: weak passwords. He noted that despite repeated warnings, simple passwords like "123456" remain in use, thereby facilitating large-scale brute-force attacks. "Because many users continue to reuse the same passwords across their accounts, once a cybercriminal has cracked one account, they can access many more. This includes email profiles, corporate networks, and business systems, dramatically increasing an organisation's risk profile," he explained.
Additionally, AI-powered technology has become a tool for fraudsters, enabling them to create fake websites virtually indistinguishable from legitimate ones or conduct sophisticated deepfake attacks. "Whether AI is used to create fraudulent emails, attempt business email compromise-style attacks or create deepfakes to convince staff to make unauthorised payments, AI-driven scams can impact businesses during the discount period, too," Dash pointed out.
To counter these threats, Dash recommends organisations take several precautionary measures. "To mitigate these and other risks this Black Friday, organisations should: Implement comprehensive training programs to help employees identify and report potential attacks; Enforce strong password policies, including a minimum character requirement, recommend multi-factor authentication (MFA), and regular password changes; Implement effective and proportional controls to manage organisational data and information, such as regular installation of updates and patches for the software in your organisation, data protection and effective access management," he advised.