M&S shoppers urged to follow 'simple rule' after cyber incident

M&S shoppers have been urged to be vigilant after it was revealed that customer details were stolen in a recent cyber attack on the retail chain.

The cyber incident affected services for over a week, with shoppers unable to make orders online while in-store purchases were also affected.

An update on the incident posted on the M&S website explained that "some personal customer data has been taken", including personal details such as names and email addresses, and even some 'masked' payment card details used for online purchases.

M&S advised customers to use strong and unique passwords for their email and other accounts, and to do any software updates on phones and devices to ensure you have the latest security updates in place.

Robert Harris, senior director of Product Marketing at financial crime prevention group , shared some tips for staying safe online in the event that criminals have managed to get some of your details.

He said: "Scammers often use bits of your real data-like your name or address-to make their story sound convincing. But here's a simple rule: never share personal information with someone who contacted you out of the blue.

"If the call, email, or message is legitimate, the organization should already have your details and won't ask you to confirm sensitive information.

"If in doubt, don't engage. Hang up and contact the company directly through an official phone number or website-not the one provided by the caller. It's always better to take an extra minute than to fall for a well-crafted scam."

If your suspicions are raised by a message you receive, Mr Harris says it's always good to double check if it's real, by looking up independent reviews or searching for the website on scam-reporting platforms such as ScamAdviser.com.

He shared another telltale sign to look out for that a product offer is bogus, saying: "If you're negotiating and the seller agrees to a price too easily, that's a red flag.

"Also, consider how you're paying-use a credit card whenever possible, as it offers more protection. And never feel pressured to make a decision on the spot. Pause, review, and only proceed if you're confident it's legitimate."

Fraser Mitchell, chief product officer at digital compliance group , also shared a warning about indications a message may be fake.

He said: "Always be wary of any unsolicited email or SMS. If sent a link check the email address of the sender for slight inconsistencies or spelling errors.

"By placing the cursor of your mouse over any link you will be able to see the address of the Web page you will be sent to. Again, check this for consistency and spelling errors and never click anything you are unsure of."

He said it's a good practice to ensure your password is "complex and random", but to never include personal data such as your date or year of birth, or your name.

from wealth firm found that one in three high net worth people have fallen victim to a cyber scam in the past six months, with 30% of victims targeted through social media and a fifth targeted by email.

Mike Stimpson, partner at Saltus, said: "Incidents like the M&S data breach give scammers a new opportunity to strike. We could well see a rise in phishing attempts, impersonation scams and fraudulent messages claiming to be from trusted brands in the short term.

"It is essential that individuals are aware of the methods scammers use and are vigilant against any emails, calls or other contact with people or brands they don't know.

"The default position should be that someone contacting them out of the blue is a scammer, and until steps are taken to verify the identity of the contact a cautious approach is critical, particularly in the coming weeks as the true impact of recent high profile data breaches at M&S and others becomes clear."