GCHQ warns on Black Friday cyber-threat

Black Friday sales could be targeted as “prime pickings” for cyber-crime, the UK’s cyber-security defence agency has warned shoppers.

The National Cyber Security Centre, part of the GCHQ intelligence service, is issuing advice to shoppers of the risk of “malicious” online threats.

It is the first such official cyber-warning in the run-up to the Christmas shopping season.

“It’s vital that knowledge is shared,” says Ian Levy of the cyber-agency.

The cyber-wing of the GCHQ communications centre says it wants to start a “national cyber-chat” on Black Friday when billions are spent on online shopping.

Speaking in public

It might be known for working in secret, but the agency wants to engage with the public over the seriousness of the threat.

It has been involved in trying to tackle more than 550 significant cyber-incidents in the past 12 months, and has taken down almost 140,000 “phishing” websites used by fraudsters.

The National Cyber Security Centre (NCSC) is giving tips for individual consumers to avoid cyber-crime – and for the first time it will be publishing answers to questions from the public on Twitter.

“Staying safe online doesn’t require deep technical knowledge, and we want the whole country to know that the NCSC speaks the same language as them,” said Mr Levy, the cyber-defence agency’s technical director.

“With so many of the UK shopping online, we want to see these tips shared from classrooms and scout groups to family dinner tables and old people’s homes.”

The agency’s chief executive, Ciaran Martin, recently told a meeting of business leaders of a “serious and sustained” threat, including from “elite hackers” in other countries.

“It is not speculation and it is not scare-mongering,” said Mr Martin. “Large-scale criminal cyber-activity is, sadly, ubiquitous.”

This could include the “theft of millions” from retailers and attacks on financial networks on which shops depend, he said.

‘Post-Christmas headache’

A data breach had an average cost of £3m, he said – and there were estimates that the WannaCry cyber-attack last year had cost the United States £3.5bn.

Another cyber-attack last year, known as NotPetya, had cost one firm up to £250m, including the cost of replacement IT equipment.

The British Retail Consortium is backing the calls for better cyber-security during the Christmas shopping season.

“With more and more shoppers looking to get the best deals online, retailers continue to invest significantly in developing the right tools and expertise to protect against cyber-threats,” says James Martin, security adviser to the retailers’ organisation.

But he warned of the danger of cyber-crime causing a “post-Christmas headache”.

The National Cyber Security Centre’s advice to reduce the risk of cyber-crime is:

• Install the latest software and app updates
• Choose strong and separate passwords for accounts
• Type in a shop’s website address rather than clicking on links in emails
• Avoid over-sharing unnecessary information with shops, even if they ask
• Don’t panic if you think you’ve been a victim of fraud
• Keep an eye on bank accounts for unrecognised payments
• Make sure all your home gadgets are secure