GCHQ Warns About Black Friday Hacking Threat


November 2018

GCHQ Warns About Black Friday Hacking Threat

The UK’s agency for the defence against cyber-crime has issued a warning to shoppers that this year’s Black Friday sales could make them ‘prime pickings’ for some form of cyber-crime.

With this year’s Christmas shopping period fast approaching, this is the first official warning issued by the Government Communications Headquarters’ (GCHQ) National Cyber Security Centre (NCSC)

The GCHQ’s technical director, Ian Levy, advised that “it’s vital that knowledge is shared” and that more shoppers are clued up on the potential for “malicious” online threats, with the NCSC going as far as to say a “national cyber-chat” needs to be started on Black Friday when the amount the public spends will be in the billions.

Despite the complexity of many elaborate attempts to steal the public’s information, Levy explains that “staying safe online doesn't require deep technical knowledge”. The NCSC issued the following steps to help shoppers reduce the risk of becoming a victim of a cyber-crime:

  • Install the latest software and app updates
  • Choose strong and separate passwords for accounts
  • Type in a shop's website address rather than clicking on links in emails
  • Avoid over-sharing unnecessary information with shops, even if they ask
  • Don't panic if you think you've been a victim of fraud
  • Keep an eye on bank accounts for unrecognised payments
  • Make sure all your home gadgets are secure

The agency has tackled more than 550 serious cyber-crimes in the last year alone, taking down a further 140,000 websites ‘phishing’ for victims’ personal and banking details.

It now wants to start a dialogue with the public about protecting themselves from such threats, especially during events like Black Friday when the sheer quantity of online transactions implies a heightened level of vulnerability. For the first time ever, the agency will be issuing advice and answering questions from the public online via Twitter.

Ciaran Martin, the agency’s chief executive, described “elite hackers” based in other countries waging a “serious and sustained” attack against the UK public, further highlighting the gravity of the situation by explicitly stating that “it is not speculation and it is not scare-mongering” as “large-scale criminal cyber-activity is, sadly, ubiquitous.”

Attacks on the financial networks that shops depend on could lead to the potential “theft of millions” from unsuspecting shoppers’ bank accounts, Martin warned.

Data breaches cost on average £3m, with last year’s WannaCry cyber-attack costing the United States over £3.5bn. NotPetya, another attack last year, cost US pharmaceutical giant Merck over £240m alone as they had to replace their IT infrastructure as a result. Fedex also suffered losses of £230m, whilst shipping company Mearsk lost a further £155m.

The calls for better cyber-security during the run up to Christmas has been backed by the British Retail Consortium. Their security adviser, James Martin, reassured shoppers that retailers are taking the necessary precautions to prevent any losses: “with more and more shoppers looking to get the best deals online, retailers continue to invest significantly in developing the right tools and expertise to protect against cyber-threats”.