Dear community member,
The National Cyber Security Centre (NCSC) has issued a critical warning following a wave of cyber attacks on major UK retailers including M&S, Co-op and Harrods. These incidents appear to involve criminals impersonating IT help desks to trick staff into revealing login credentials, a technique known as social engineering.
We’re issuing this urgent message to all SWCRC members to raise awareness and encourage immediate action.
What’s happening?
A group calling itself DragonForce has contacted the BBC to claim responsibility for recent breaches. Their tactics include:
• Phoning IT staff pretending to be locked-out employees
• Calling or messaging staff pretending to be from internal IT help desks
• Using fluent English and credible scenarios to gain trust
The NCSC believes these attacks resemble those carried out by the notorious “Scattered Spider” group, known for targeting senior staff to gain access to sensitive systems.
What should you do now?
We recommend the following immediate steps:
🔐 Review your password reset procedures, especially for senior roles
📞 Introduce internal codewords or other identity checks for staff requesting credential changes
🧠 Reinforce awareness among staff of social engineering tactics
📊 Monitor for unusual login activity, such as logins at odd times or from unexpected locations
This is a timely reminder that no organisation is too small to be a target – simple procedural improvements can make a huge difference in resilience.
If you’re unsure how to implement these changes, or would like a free consultation with our team, please don’t hesitate to reach out.
Kind regards,
Steve and Joe
