The Retailer Winter Edition 2022

THE RE TA I L ER

20

HOW TRUSTWORTHY BUSINESS COMMUNICATIONS KEEP CUSTOMERS CONTENT AND CYBER SECURE

Sarah Lyons Deputy Director for Economy & Society The National Cyber Security Centre (NCSC) – a part of GCHQ

I t’s an unfortunate real have taken advantage of our increased reliance on tech nology and our shift to home working with opportunistic scams. At the NCSC, we’ve seen this increase in scams first-hand. Our Active Cyber Defence pro gramme, which seeks to remove malicious websites and scams from the internet before they harm the public, took down over 700,000 online scams in 2020. This was a fifteen-fold increase on the number of takedowns the year prior. Many organisations will be all too familiar with fraudsters impersonating their brands to entice members of the public into giving away personal details or financial information. This can be via a scam text, call, email, or advert. When customers unfortunately fall victim to these scams, the spoofed organisations can also suffer with a detrimental impact to their brand’s reputation and customer confidence in their service. This is particularly a problem for retailers around busy calendar events like Black Friday and January sales where heightened retail activity makes shoppers more susceptible to scams impersonating well known retailers. According to the City of London Police, online crime during Black FridayandCyberMonday in2020defrauded UK shoppers of £2.5m Despite the increase in scams, retailers shouldn’t feel helpless. The NCSC has published new guidance setting out how SMS and tele phone messages can be issued in a trustworthy and consistent way that protects customers from fraud and makes it harder for criminals to exploit these telecoms channels. This new guidance follows previously published advice on email security and anti-spoofing. ity that online scams are a growing threat. Criminals

In addition to securing their own external communications, organisations can point cus tomers to scam reportingmethods so that they feel empowered to act against them. Reporting via the following methods will ensure that malicious content is removed from the internet where found: • Scam emails can be reported to the NCSC by forwarding to report@phishing. gov.uk • Scam texts can be reported by forward ing to 7726 • Scam websites can be reported to the NCSC through our website – www.ncsc. gov.uk/scams . • Scam adverts can be reported to the Advertising Standard Authority via their website – www.asa.org.uk . Scams can feel ubiquitous these days, but this doesn’t make it inevitable that we’ll see more victims losing out. The retail sector can play a significant part in the fight back against scams by following the NCSC’s best practices on customer communications. Cyber security issues are discussed in the BRC IT Community which provides an opportunity for members to raise issues of concern and to exchange with NCSC from time to time. For more information please visit our community page

In practical terms, we explain howorganisations should conduct their due diligence and make considerations before contacting customers with SMS messages or call. It lists the following nine best practices that go a long way to help customers identify legitimate messages: 1. Keep messages simple and consistent 2. Use minimal phone numbers, SenderIDs and email addresses 3. Publicise your contact details - The numbers and email addresses, websites and SenderIDs 4. Do not ask for personal details 5. Use links sparingly and make them human readable 6. Apply this guidance to your supply chain due-diligence 7. Provide a way for your custom ers to independently check your communications 8. Provide a means for your customers to contact you independently 9. Provide guidance on how customers can report scams Consumers place a significant amount of trust in retailers when using their service. Issuing secure customer communications that’s clearly distinguishable from scams will help maintain this trust.

Sarah Lyons