Online shoppers should be vigilant about various cyber threats ahead of Black Friday and Cyber Monday to protect their personal and financial information. Here we list the top 10 cyber security risks to be mindful of, but this year, there’s another threat: AI!

Cyber security chiefs are encouraging Black Friday bargain hunters to increase their vigilance this shopping season as online fraudsters are likely to use artificial intelligence (AI) to increase the perceived legitimacy of their scams.

The National Cyber Security Centre (NCSC) - which is a part of the UK’s intelligence agency GCHQ - is warning that cyber criminals are likely to use AI technology such as large language models to produce more convincing scam emails, fake adverts, and bogus websites.

While AI offers huge opportunities for society, it can also be exploited by fraudsters to help them produce accurate and professional looking content intended to dupe victims into giving away their financial details or download malware on an increasingly large scale.

The warning comes as new data from Revealing Reality/Yonder found that 72% of British people are worried that new technology such as AI will make it easier for criminals to commit online fraud.

Previously, scams could often be identified by features such as poor grammar or spelling, come from an unusual email address, or feature imagery or design that feels ‘off’. But while AI might generate more polished communication in phishing attempts, many of the typical hallmarks of a scam remain the same.

The NCSC is urging shoppers to look out for:

Urgency: Are you told you only have a limited time to respond? Criminals often threaten negative consequences or costs.

Scarcity: Is the message offering something in short supply? Fear of missing out on a good deal can make you respond quickly.

Current events, such as Black Friday: Criminals will often exploit current news stories or specific times of year to make their scam seem more relevant.

Shoppers are also being reminded that while scams are increasingly convincing, it is even more important to have basic security measures in place when it comes to email security, including switching on 2-step verification (2SV) and have a strong password made up of three random words.

Let’s take a look at some of the common online threats shoppers should be mindful of:

• Phishing Attacks: Cybercriminals use deceptive emails or messages to trick users into revealing sensitive information or clicking on malicious links that can compromise their data.
• Identity Theft: Theft of personal information such as credit card details, social security numbers, and other sensitive data to impersonate the victim for fraudulent activities.
• Unsecured Wi-Fi Networks: Shopping on unsecured public Wi-Fi networks can expose your data to hackers who may intercept your information.
• Fake or Fraudulent Websites: Scammers create fake websites that mimic legitimate ones to deceive users into entering their payment details, leading to financial losses and data theft.
• Malware and Ransomware: Malicious software can infect a user's device, giving hackers access to sensitive information, or locking them out of their systems until a ransom is paid.
• Weak Passwords and Credential Theft: Weak or reused passwords make it easier for hackers to access accounts. Credential theft occurs through data breaches or phishing attacks.
• Card Skimming: Hackers use devices to steal credit card information during online transactions or from compromised payment terminals.
• Unsecure Mobile Shopping Apps: Using vulnerable or fake mobile shopping apps can lead to data breaches and the compromise of personal information.
• Insecure Payment Gateways: Inadequately secured payment systems or gateways can be targeted by cybercriminals to steal financial information during transactions.
• Social Engineering: Hackers exploit human psychology to manipulate individuals into revealing sensitive information or performing certain actions to gain unauthorised access.

To mitigate these risks, online shoppers should take measures such as using secure and updated software, enabling multi-factor authentication, verifying website security (look for HTTPS and a padlock symbol), avoiding public Wi-Fi for transactions, and regularly monitoring their financial accounts for any suspicious activity.

Additionally, keeping informed about the latest security threats and staying cautious while shopping online is crucial for a safer online experience.

Felicity Oswald, NCSC Chief Operating Officer, said:

“As we enter the Black Friday and festive shopping period, online shoppers will naturally be on the lookout for bargain buys. 

“Regrettably, cyber criminals view this time of year as an opportunity to scam people out of their hard-earned cash, and the increased availability and capability of technology like large language models is making scams more convincing.

“I would urge shoppers to follow steps which include setting up two-step verification and using passwords with three random words, so they’re easier to remember and harder to hack.”

New data published by the National Fraud Intelligence Bureau (NFIB), which is run by the City of London Police, revealed that British people lost £10.6 million to online scammers between November 2022 and January 2023 - with each victim losing £639 on average.

The figures, which come from the reports made to Action Fraud and analysed by the NFIB, revealed that over half of reports (51%) mentioned one social media account, showing that social media platforms are by far the most likely medium for shopping and auction fraud to take place.

The figures also revealed that the age group most likely to fall victim to a scam were 25–34 year olds, closely followed by the 35-44 and 18-24 age groups.

Pauline Smith, Head of Action Fraud, said:

“We know that because of the rising cost of living, people are looking to try and get the most from their money and save where they can. This year’s festive season will no doubt add pressure on people at an already expensive time of year.

“With retailers already slashing prices for Black Friday and Cyber Monday deals, it is easy to rush into making a purchase to try and grab a bargain. But don’t forget, criminals still operate at this time of year and will do anything they can to try and get you to part with your money.

“Make sure you know where and who you are buying from. While our figures show that people aged 25-34 years old are most likely to fall victim to an online shopping scam, fraud can affect anyone of any age. Be alert when using social media to purchase items as more than half of people who reported online shopping fraud to Action Fraud encountered a problem on these sites.

“Where possible, use a credit card when shopping online as this will offer you more protection if anything goes wrong, and follow our practical advice to help you shop online safely.”

The new figures are published as the NCSC launched a nationwide drive to promote its Cyber Aware campaign to help shoppers protect themselves online.

The Cyber Aware campaign provides shoppers with actionable steps to boost their online resilience by creating a strong and separate password for email accounts using three random words and turning on 2-step verification (2SV).

The campaign is launched as newly published polling data from Revealing Reality/Yonder found that over half (59%) of British people are using their email password on other sites, putting them at risk of online fraud and cyber criminals.

Having a strong and separate password for email accounts means that if cyber criminals steal the password for one of your less-important accounts, they can’t use it to access your email account.

In 2024, the government will launch a national communications campaign to tackle fraud, as committed to in the Fraud Strategy. Everyone will be asked to play their part, with government, law enforcement, industry and the third sector working together to make sure people know how to protect themselves against fraud.

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).