Community Tech Hub Newsletter; 9th May 2025
Welcome to this week’ s Tech Hub News. If you have any questions or concerns about anything
that is covered here, please make contact with support@communitytechhub.org
The website is a growing resource with new content as we find things of relevance.
https://communitytechhub.org also recordings of previous briefing sessions.
We are seeing a proliferation of SMS texts/WhatsApp messages and email scams but hopefully
you are starting to see the fake ones and ignore them, better still just delete them.
Current Scams to be aware of:
1) Fake Ed Sheeran Tickets
2) Staying Safe after the M&S & Co-Op Cyber Attacks
3) Parking Scams Recirculate
1) Fake Ed Sheeran Tickets (From Suffolk Trading Standards)
2) Staying Safe after the M&S & Co-Op Cyber Attacks (from Which?)
Co-op and M&S have been hit with major cyberattacks in the past few weeks, causing disruption to online orders and stock availability in stores.
Co-op has since warned that the hackers – understood to be a criminal group named 'DragonForce' – have accessed a 'significant' amount of data from 20 million past and current members.
This data includes names and contact details, but not passwords or any financial information.
M&S has not disclosed whether customer data has been stolen.
If you're worried about your data, read on to find out how to stay safe against ransomware scams and how to protect your information after a cyberattack
How to stay safe against ransomware scams
Ransomware attacks – which both Co-op and M&S have suered – are a type of virus that locks up your system or encrypts the files on your PC. Hackers will then hold you to ransom in order to regain access.
The National Cyber Security Centre (NCSC) has warned that the criminals launching these cyberattacks against retailers are impersonating IT helpdesks to break into the organisations' systems.
It issued guidance to organisations, urging them to review their IT helpdesk password-reset processes to reduce the chances of being hacked.
If you're worried about ransomware scams on your work or personal devices, there are some simple steps you can take to protect yourself:
Don't download attachments you haven't been expecting or click on links that are trying to persuade you to give away personal details. You can always contact a company directly if you want to check if a message is genuine.
Only download software and apps from a trusted source, and look for reputable software manufacturers when deciding what to download.
Always keep your PC operating system and any downloaded apps or other software updated. This allows you to benefit from the latest security protections.
Windows 10 and 11 allow you to turn on a setting that protects folders from unauthorised programs such as ransomware. To turn it on, open the Windows Security app (select the shield icon from your Taskbar – if you can't see it, click Show hidden icons, which looks like ^). Scroll down, select Ransomware protection and click Controlled folder access to turn it on.
Set up a restore point in case your device is compromised and you need to restore it from safe mode. To do this, type 'create a restore point' into your PC's search panel. Click Create a restore point and a pop-up box will appear, then click Create. Name your restore point (for example, the month and year) and click Create. Once finished, your PC will confirm and you can click Close.
A quality antivirus – whether paid-for or free – can also provide superb anti-ransomware protection. The best antivirus on test can prevent wide-scale hijacking of your files and device.
How to spot scams after a cyberattack
If you're a Co-op member, then your name and contact details may have been compromised in the cyberattack.
You should be cautious with any unsolicited emails or phone calls in the coming weeks.
Email scams (or 'phishing' scams) will often purport to be from a well-known brand or retailer. But when you click on a link in the email, you'll be sent to a spoofed website where you're asked to enter your personal or financial details, which will then be in the hands of scammers.
If you suspect an email might be from a scammer, don't click on any links or download any attachments. Stay security-savvy and ensure your antivirus software is always up to date, as this will provide an extra layer of protection.
Similarly, be cautious if your bank or building society contacts you out of the blue. Do not reveal your full password, login details or account numbers. Instead, hang up and call the company it's claiming to be on a trusted number to ensure that the call was legitimate.
Remember that a bank will never ask for your Pin, or for a whole security number or password, either over the phone or via email.
You might also want to keep an eye on your bank accounts and credit file to see if new accounts have been opened in your name. If you spot anything unusual, contact your bank and Action Fraud immediately.
Co-op has confirmed that no passwords or financial information were compromised by the hackers.
But if you fall victim to an attack where this information is stolen, you'd want to change your password with the company in question (and with any other accounts where you've used the same password).
Your rights after a data breach
If a company has lost your data as a result of a breach, it must tell you without undue delay. It should explain to you the name and contact details of its data protection officer, a description of the likely consequences of the breach and the measures it has taken to deal with it.
If your data is lost and it causes you financial damage or distress, you might be able to make a claim for compensation from the organisation that lost it.
To begin with, you should contact the organisation you believe is responsible, outlining what distress or losses you've suffered and how you expect it to compensate you. You can also take your concerns to the Information Commissioner's Office (ICO).
By law, the ICO can't award compensation or advise on the level of compensation that should be due. But its opinion can be influential in making your claim against the organisation that compromised your data.
If you can't agree on compensation with the organisation in question, you can make a claim via the small claims court.
A good piece of evidence to take to court is if the ICO agreed with you that the General Data Protection Regulation (GDPR) was indeed breached.
3) Parking fine scams recirculate (Which?)
The 'parking fines scam' message continues to circulate as a phoney, but convincing, text about a non-existent unpaid fine, with a link to a dodgy website. A text from a random number claims there's an unpaid parking fine that you need to pay immediately.
Just delete it, if it is genuine you will receive a letter in the post.
This newsletter has been prepared by the Community Tech Hub CIC for its members. For more information on our work or to join the club https://communitytechub.org.