Even the Big Guys Get Fooled! An Idiot's Guide to the M&S & Co-op Attacks (and How the Sneaky Stuff Works)

Blog
Written By Mark Evans

Following on from our discussion last week about cyber security for small businesses, the recent news surrounding M&S and Co-op really brings the point home: even the biggest organisations get caught out. It makes you think, right? If these big players, with presumably armies of techy people and really robust systems, can be breached, what does that mean for the rest of us?

But here's the thing that might surprise you: these breaches often don't start with some super-complex, Hollywood-style hacking with lines of code flying across the screen. Nope, a lot of the time, it boils down to something much simpler... tricking people. This is where the sneaky world of social engineering comes in.

Think of it like digital con artistry. Instead of breaking into a system through some technical loophole, the bad guys try to sweet-talk or scare someone – an employee, a customer, even a supplier – into handing over the keys (or digital passwords) themselves. It's all about manipulating human psychology to get what they want.

Now, big companies like M&S and Co-op will have layers of sophisticated security software and hardware in place – things like advanced firewalls and threat detection systems from big names in the industry, such as Fortinet. Fortinet is a global leader in cyber security, providing a wide range of tools to protect organisations from all sorts of digital nasties.

But even with these powerful tools, the human element can still be a weak link. Imagine an employee at M&S getting an email that looks exactly like it's from their internal IT department. It might say there's a critical security update and they need to log in right now via a link provided. It looks totally legit, creates a sense of urgency, and the employee, wanting to do the right thing, clicks and types in their username and password... straight into a fake login page designed to steal their credentials.

Or picture someone at Co-op receiving a phone call from someone pretending to be a key supplier with an urgent problem regarding an invoice payment. They might ask for seemingly innocent information, but it's all part of a bigger plan to build trust and potentially extract sensitive details later on.

This is why the basic good practices promoted by Cyber Essentials, which includes things like staff training to spot these dodgy emails and calls, are so crucial. Even the best Fortinet firewall in the world won't stop someone from willingly handing over their password if they're tricked by a clever phishing email or a convincing phone scam.

The lesson from the M&S and Co-op attacks? Even the best technology can be bypassed if people aren't aware of these simple scams. In Part 2, we dive deeper into exactly how these "social engineers" operate and, more importantly, what you can do to make your team a human firewall.

Understanding how even the big players can be vulnerable to these seemingly simple tricks is the first step in protecting your own small business. If you'd like to discuss how we can help you build that vital human firewall and implement robust security measures, give us a call on 0330 107 5654 or book a free consultation below.

Mark Evans https://viendo.net
Previous

Becoming a Human Firewall: Your Idiot's Guide to Spotting and Stopping Social Engineering Attacks
Next

Small Business Cyber Security: Lessons from the M&S and Co-op Attacks