**Beware Phony IT Calls After Co-op and M&S Hacks, Says UK Cyber Centre**

The National Cyber Security Centre (NCSC) has issued a stark warning to British retailers and organizations after a recent wave of cyber attacks. The hacks, which have targeted Marks & Spencer, Co-op, and Harrods in the past two weeks, are being carried out by hackers who are impersonating IT help desks to gain access to organizations.

According to the NCSC, these hackers use social engineering techniques to trick employees into handing over their login passwords and security codes. They also target help desk staff themselves, pretending to be an employee locked out of their account, in order to obtain sensitive information. The NCSC is urging organizations to review their IT help desk "password reset processes" to minimize the chances of falling victim to these types of attacks.

**The Rise of Scattered Spider**

The NCSC has also highlighted the involvement of a group known as Scattered Spider, which has been linked to previous high-profile cyber attacks. The group is made up of young English-speaking hackers in the UK and US who have become adept at using social engineering tactics. In the past two years, they have used Discord and Telegram to coordinate and plan attacks that breached dozens of companies and stole or scrambled data.

The NCSC does not specifically name Scattered Spider as being responsible for the current wave of attacks, but acknowledges their involvement in similar hacks. The group is known for using "Risky Logins" - a tactic where employees have logged in from unusual locations or at late hours. In July 2024, a 17-year-old from Walsall was arrested as part of an FBI investigation into a Scattered Spider hack on MGM Grand Casinos.

**The Importance of Security**

Cyber security experts are now recommending further layers of security to deal with these types of attacks. One suggestion is the use of "code words" that get used when an employee phones up to change their credentials, such as "BluePenguin", to verify the identity of the person on the other end of the line.

Lisa Forte from cyber security firm Red Goat said: "Ultimately it comes back to the same issue with login credentials as always – we need multiple ways to do it to ensure it isn't easy to bypass." The NCSC advice is a strong indication that hackers are using tactics commonly associated with Scattered Spider, and organizations must take these threats seriously.
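The "risky logins" signal described above (sign-ins from unusual locations or at late hours) becomes more useful when correlated with help desk password resets. The following is an added example, not code from the NCSC or from the original article; the event format, working hours, and 24-hour reset window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WORK_HOURS = range(7, 20)            # assumption: 07:00-19:59 is normal for this org
RESET_WINDOW = timedelta(hours=24)   # assumption: how long a reset counts as "recent"

# Constructed sample events (not real data): (timestamp, user, event type, country)
EVENTS = [
    ("2025-04-28T08:40:00", "bob",   "login",          "GB"),
    ("2025-04-28T09:05:00", "alice", "login",          "GB"),
    ("2025-04-29T17:30:00", "alice", "login",          "GB"),
    ("2025-04-30T22:10:00", "bob",   "helpdesk_reset", ""),
    ("2025-04-30T23:45:00", "bob",   "login",          "US"),
    ("2025-05-01T02:15:00", "alice", "login",          "GB"),
    ("2025-05-01T09:00:00", "bob",   "login",          "GB"),
]

def find_risky_logins(events):
    """Return (user, timestamp, severity, reasons) for each suspicious sign-in."""
    known = {}       # user -> countries seen in earlier, unflagged logins
    last_reset = {}  # user -> time of the most recent help desk reset
    findings = []
    for ts, user, kind, country in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "helpdesk_reset":
            last_reset[user] = when
            continue
        reasons = []
        seen = known.setdefault(user, set())
        if seen and country not in seen:
            reasons.append("unusual location")
        if when.hour not in WORK_HOURS:
            reasons.append("late hours")
        if not reasons:
            seen.add(country)  # only clean logins extend the baseline
            continue
        # A risky login soon after a help desk reset is the pattern to escalate.
        recent = user in last_reset and when - last_reset[user] <= RESET_WINDOW
        if recent:
            reasons.append("follows help desk reset")
        findings.append((user, ts, "high" if recent else "medium", reasons))
    return findings

if __name__ == "__main__":
    for finding in find_risky_logins(EVENTS):
        print(finding)
```

Flagged logins are deliberately kept out of the per-user baseline, so a single successful sign-in from a new country does not make that country look normal afterwards.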

**A Warning for All**

The NCSC's warning serves as a reminder that cyber attacks can happen to anyone, regardless of size or industry. It emphasizes the importance of vigilance and proactive security measures to protect against these types of attacks.

In light of this, we urge all organizations to review their IT help desk password reset processes and implement additional security measures to prevent similar hacks in the future.

**Stay Safe Online**

If you receive a call claiming to be from your IT help desk, asking for sensitive information or access to your account, do not respond. Hang up immediately and contact your IT department directly using an official phone number and email address. Remember: if it seems too good (or bad) to be true, it probably is.
