Marks & Spencer CEO spoofed:
Cyber criminals are using fraudulent advertising to entice shoppers to claim a free gift voucher as part of a fake prize draw, by impersonating the M&S CEO, Steve Rowe.
Unwitting victims who click on the ad are redirected to an M&S branded portal and invited to enter personal information such as an email address, mobile telephone number and bank details. This is a common method used by criminals impersonating big brands and names.
Advice:
- Treat these posts like you would any phishing email
- If it sounds too goo to be true, it probably is
- Visit the retailer's website and official social media channels to cross-check that the deal has been mentioned elsewhere
- Take Five – To Stop Fraud (https://takefivestopfraud.org.uk/)
- Report all attacks to (report@phishing.gov.uk)
Nando’s Customers Hit by Credential Stuffing Attack:
Some customers of Nando’s have had their accounts compromised. Due to COVID-19 restrictions, customers must now order online to get their food. This has left the door open to attackers trying previously breached log-ins from other sites to hijack their accounts.
This is known as credential stuffing and highlights the risk of reusing passwords.
Advice:
- Make sure you switch on password protection.
- Avoid predictable passwords by choosing 3 random words.
- Turn on two-factor authentication were possible.
- Consider using a password manager.
- Check your accounts for compromise at https://haveibeenpwned.com/
- Report all attacks to (report@phishing.gov.uk)
More advice and guidance can be found at www.ncsc.gov.uk