Small online retailers are being encouraged to protect their customers and profits from the threat of callous shopping skimmers who could target them on Black Friday and Cyber Monday.
Skimming exploits a vulnerability in the software used on a shopping site's checkout page to divert payments and steal the details of unsuspecting customers. The National Cyber Security Centre (NCSC), a part of GCHQ, proactively identified 4,151 compromised online shops up to the end of September and alerted retailers to these security vulnerabilities.
The majority of the online shops used for skimming identified by the NCSC had been compromised via a known vulnerability in Magento, a popular e-commerce platform. Retailers are urged to ensure that Magento – and any other software they use – is up to date. The NCSC’s website has guidance on running a secure website, including moving businesses from the physical to the digital.
“We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period,” said Sarah Lyons, NCSC Deputy Director for Economy and Society. “Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.”
“On Black Friday and Cyber Monday the hackers will be out to steal shoppers’ cash and damage the reputations of businesses by making their websites into cyber traps,” said Steve Barclay, Chancellor of the Duchy of Lancaster. “It’s critical, with more and more trade moving online, to protect your business and your customers by following the guidance provided by the National Cyber Security Centre and British Retail Consortium.”
“Skimming and other cyber security breaches are a threat to all retailers,” said Graham Wynn, British Retail Consortium Assistant Director for Consumer, Competition and Regulatory Affairs. “The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period. The Cyber Resilience Toolkit for Retail, produced in partnership with NCSC, is available on the British Retail Consortium’s website for retailers to consult and boost cyber defences.”
The compromised shopping websites were identified by the NCSC’s Active Cyber Defence programme, which seeks to remove malicious websites and scams from the internet before they harm the public. The NCSC has monitored for these shops since April 2020 and issued warnings to site owners and SMEs about the need to keep their software up to date.
With more businesses using technology and e-commerce than ever before, it has never been more important to think about online security – whether IT is managed in-house or by an external service provider.