Marks & Spencer CEO spoofed:

Cyber criminals are using fraudulent advertising to entice shoppers to claim a free gift voucher as part of a fake prize draw, by impersonating the M&S CEO, Steve Rowe.

Unwitting victims who click on the ad are redirected to an M&S branded portal and invited to enter personal information such as an email address, mobile telephone number and bank details. This is a common method used by criminals impersonating big brands and names.

Advice:

• Treat these posts like you would any phishing email
• If it sounds too goo to be true, it probably is
• Visit the retailer's website and official social media channels to cross-check that the deal has been mentioned elsewhere
• Take Five – To Stop Fraud (https://takefivestopfraud.org.uk/)
• Report all attacks to (report@phishing.gov.uk)

Nando’s Customers Hit by Credential Stuffing Attack:

Some customers of Nando’s have had their accounts compromised. Due to COVID-19 restrictions, customers must now order online to get their food. This has left the door open to attackers trying previously breached log-ins from other sites to hijack their accounts.

This is known as credential stuffing and highlights the risk of reusing passwords.

Advice: 

• Make sure you switch on password protection.
• Avoid predictable passwords by choosing 3 random words. 
• Turn on two-factor authentication were possible.
• Consider using a password manager.
• Check your accounts for compromise at https://haveibeenpwned.com/
• Report all attacks to (report@phishing.gov.uk) 

More advice and guidance can be found at www.ncsc.gov.uk