NCSC makes annual Black Friday plea to consumers

Scams generated by artificial intelligence (AI) are likely to enhance the cyber threat to this year’s Black Friday shopping bonanza, according to the UK’s National Cyber Security Centre (NCSC), which has launched yet another consumer education campaign encouraging bargain hunters to be on the alert.

Black Friday – which began in the US as a post-Thanksgiving, pre-Christmas retail binge, and is so named because it was traditionally the day in the year in which retailers’ accounts went into the black – arrived in the UK around 10 to 15 years ago and has been enthusiastically taken up here.

Throughout the 2022 festive period, UK shoppers lost over £10m between them to cyber criminals, with 25- to 34-year-olds the most victimised.

This year, with generative AI rarely being far from mainstream discourse, the NCSC said fraudsters would ramp up malicious use of the technology to craft more convincing scam emails, fake adverts and bogus websites. This can now be done at scale, and the results are often highly professional-looking, duping even those who feel they are cyber savvy.

Citing data compiled by consultancies Revealing Reality and Yonder, it said 72% of Brits understand this to some extent, and worry that AI will make it easier for criminals to commit online fraud.

“As we enter the Black Friday and festive shopping period, online shoppers will naturally be on the lookout for bargain buys,” said NCSC chief operating officer Felicity Oswald.

“Regrettably, cyber criminals view this time of year as an opportunity to scam people out of their hard-earned cash, and the increased availability and capability of technology like large language models is making scams more convincing.

“I would urge shoppers to follow the steps in our online shopping guidance, which includes setting up two-step verification and using passwords with three random words, so they’re easier to remember and harder to hack.”

Fortunately, while generative AI is helpful in addressing things such as poor spelling and grammar that often alert people to scams, many of the other hallmarks of a scam have not changed. Scam emails will often play up a sense of urgency, giving recipients a limited time to respond and threatening negative costs if they don’t, or offer something that is in short supply – gaming consoles often being a good example. And, of course, they will exploit current news stories and events, including Black Friday, to seem relevant.

The NCSC is also reminding consumers that with retail scams becoming more convincing, it is more important to take basic steps to secure your activity online. Such steps can include activating two-factor authentication on email accounts and online services, and paying closer attention to credential hygiene, creating strong passwords – the NCSC recommends using three random words – and never reusing them across websites.

“We know that because of the rising cost of living, people are looking to get the most from their money and save where they can. This year’s festive season will no doubt add pressure on people,” said Action Fraud head Pauline Smith.

“With retailers already slashing prices for Black Friday and Cyber Monday deals, it is easy to rush into making a purchase to try and grab a bargain. But don’t forget, criminals still operate at this time of year and will do anything they can to get you to part with your money.

“Make sure you know where and who you are buying from. While our figures show that people aged 25-34 years old are most likely to fall victim to an online shopping scam, fraud can affect anyone of any age. Be alert when using social media to purchase items as more than half of people who reported online shopping fraud to Action Fraud encountered a problem on these sites.

“Where possible, use a credit card when shopping online as this will offer you more protection if anything goes wrong, and follow our practical advice to help you shop online safely.”

More information is available from the NCSC here.