Recite Me

Marks & Spencer CEO spoofed:

Cyber criminals are using fraudulent advertising to entice shoppers to claim a free gift voucher as part of a fake prize draw, by impersonating the M&S CEO, Steve Rowe.

Unwitting victims who click on the ad are redirected to an M&S branded portal and invited to enter personal information such as an email address, mobile telephone number and bank details. This is a common method used by criminals impersonating big brands and names.

Advice:

  • Treat these posts like you would any phishing email
  • If it sounds too goo to be true, it probably is
  • Visit the retailer's website and official social media channels to cross-check that the deal has been mentioned elsewhere
  • Take Five – To Stop Fraud (https://takefivestopfraud.org.uk/)
  • Report all attacks to (report@phishing.gov.uk)

Nando’s Customers Hit by Credential Stuffing Attack:

Some customers of Nando’s have had their accounts compromised. Due to COVID-19 restrictions, customers must now order online to get their food. This has left the door open to attackers trying previously breached log-ins from other sites to hijack their accounts.

This is known as credential stuffing and highlights the risk of reusing passwords.

Advice: 

  • Make sure you switch on password protection.
  • Avoid predictable passwords by choosing 3 random words. 
  • Turn on two-factor authentication were possible.
  • Consider using a password manager.
  • Check your accounts for compromise at https://haveibeenpwned.com/
  • Report all attacks to (report@phishing.gov.uk

More advice and guidance can be found at www.ncsc.gov.uk