Not just any scam - this is an M&S scam

Scams come in all shapes and sizes, but the latest has targeted shoppers at places like Marks & Spencer.

Last week Marks & Spencer contacted customers to inform them that their email addresses may have been stolen by hackers, and to expect an increase in spam mails. If you can’t trust a high profile, reputable company like Marks & Spencer to keep your data safe, just who can you trust?

Data theft is big business and it seems that no one, no matter how safe they think their systems are, is immune to it.

But is it a reason to stop shopping online and keep a low profile on the web? Or are there ways to protect your money and your identity in cyberspace?

How has it happened?

Marks & Spencer, along with a number of other high profile companies, uses a US marketing giant called Epsilon to send out marketing emails to millions of customers. Among Epsilon’s high profile clientele are Capital One, Tesco, Barclaycard, Hilton and Disney. Although details are sketchy, the company admits there has been an ‘unauthorised entry into their email system’ which has resulted in some customer emails and names being stolen.

Don’t be scammed! Emma Roberts reveals some dangerous scams that are circulating the web

Epsilon are assuring their clients that a full investigation is underway into what they are referring to as a ‘malicious act by highly sophisticated cyber-thieves’.

What is the risk to you?

The good news is that, apart from names and email addresses, no other personal information was hacked into. So, financial information, like credit card or account details, has not been put at risk in this instance.

However the leaking of names and addresses is expected to lead to an imaginatively titled ‘spear-phishing’ campaign. As you might guess, this is just like ‘phishing’, whereby criminals send official looking emails to try to trick you into divulging personal information. The only difference is that it is more targeted (hence the ‘spear’) because they can personalise the emails to appear even more legitimate. The emails may also contain links encouraging customers to confirm their details, but these links will send them to bogus websites or infect their machine with a virus.

Related blog post

All very scary, but aren’t we all used to this type of ‘phishing’ scam? I am positively disappointed if I don’t get a daily friendly missive from my bank asking me to confirm my details (those forgetful bankers, always misplacing my account information!).

What are M&S doing about it?

Marks & Spencer are warning their customers that they might receive such emails, and to be on the alert.

The problem is that if you have signed up with Marks & Spencer and you receive convincing emails which are personally addressed to you, it is very easy to casually click on a link. Marks & Spencer stress that they ‘take your privacy very seriously’ and will ‘continue to work diligently to protect your personal information’.

But it is clear from this breach that any company can be vulnerable to attack. The onus is on you to protect yourself.

How can you protect yourself?

It is important that you take responsibility for your own online security, and there are plenty of ways to increase your safety when on the internet.

  • Beef up your online security. Install anti-virus software, such as Norton 360. When surfing look for the closed padlock symbol in the status bar.  Beware of ‘fake’ padlocks. Check you are on a valid site by clicking on the padlock icon in the status bar then clicking on View Certificates. If the certificate address differs, then you may be on a spoof site. 
  • Beware of downloads. It is easy to absent-mindedly download information, by clicking on innocent looking pop-up advertisements or downloading a free game, but you risk being exposed to malicious software or viruses. Your anti-virus software should scan every download, but minimise your risk by never clicking on anything unless you know exactly what it is.
  • Don't respond to emails requesting personal information. This may seem obvious, but there are still lots of people who fall victim to ‘phishing’ scams, and raising awareness is the best way to combat it. These emails are getting ever more sophisticated, so if you are ever in doubt, pick up the phone and call the company yourself.
  • Use wireless connections with caution. Wireless networks, such as ‘hotspots’ in cafes or airports, do not offer the same security as wired internet connections. They actually reduce their security so it is easier for members of the public to access them, so it is probably unwise to do your banking or go online shopping in a ‘hotspot’.

Don’t let this security breach put you off online shopping or banking. There are so many deals and bargains to be had online and it is a shame to ignore them because of fear of hackers.

Follow the rules above to stay safe, and carry on enjoying bargain-hunting online!

More: Six cracking current accounts! | Save money with a tracker mortgage

Comments


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.