Retailers including M&S, Co-op and Harrods have been victims of cyber-attacks, and there are concerns that more may follow.
Experts believe the hackers are gaining access to company computer systems in order to demand a ransom.
However, it is not just large companies that can fall victim to cyber-attacks, so what can you do to protect yourself?
What’s happening at M&S and Co-op?
M&S was hit by a cyber attack in April and disruption to its online services is expected to continue until July.
Security experts have said that M&S was victim to a ransomware attack. Ransomware is a type of malicious software that blocks people out of their computers or files by encrypting the data. Criminals then demand money (ransom) in exchange for restoring access.
The National Cyber Security Centre has warned people to be wary of criminals impersonating IT Helpdesks. This is called social engineering. This is when criminals try to gain your trust to make you give away information like passwords and security codes.
It can be done in various ways, such as impersonating a trustworthy figure like an IT helpdesk employee, or pretending to be in need of help to manipulate you into revealing private information. You can find out about other tactics scammers use on BBC's A-Z of Scams.
The NCSC's advice comes after Co-op ordered their staff to keep cameras on during remote meetings. Cyber security consultant Jen Ellis says the email implies that Co-op is worried about the presence of hackers.
Ellis told the BBC, "Reminding employees to keep their cameras on during conference calls is one way of enabling work to continue while ensuring that everyone is really who they claim to be, and no one unexpected is participating in calls."
How can I stay scam savvy?
You might be thinking “hackers only target big names, right?”. Wrong! Anyone can be a target, which is why it’s important to stay vigilant.
Always watch out for the unexpected: whether it’s a text message, phone call or email, and always think twice if you’re asked to do something urgently. Look out for:
Unknown phone numbers or emails. You can search a number online to see where it comes from, or look for spelling mistakes or strange details in an email address.
Requests for personal details or money. If you get a call from your bank and are unsure if it’s genuine, hang up and use the phone number listed on your bank's website or card, to call them back.
Sometimes posts online can seem too good to be true. Often scammers will use clickbait to grab your attention and encourage you to do something, like clicking a link. Watch out for…
Eye catching headlines or offers. If you see an offer that looks too good to be true, or a headline that gets you emotional, always double check the source.
Look at the information. Are there any details provided, or is it vague?
How can I avoid cyber-attacks?
Tia Cotton, an ethical hacker and senior security engineer, and Jen Ellis of the Ransomware Task Force joined BBC Radio 5 Live recently to discuss some steps you can take to help protect yourself from cyber-attacks.
Here are some tips from the experts:
Use phrases for passwords
Cotton suggests: "For individuals, best practice is always using passphrases, rather than your dog's name and a random number! Use three random words that you can remember … as it's harder to crack”. But remember that you should never share your passwords or passphrases with anyone else.
Use 2-step verification where possible
With 2-step verification users put in a password along with a code that is generated by an authenticator app. Ellis told Radio 5 Live: "Cyber insurers say they believe that 2-step verification brings down the risk [of getting hacked] significantly. A password is something you know and your token is something you have, which means it’s harder for those who aren't right next to you to do something bad because they don't have your face, your fingerprint or your code.”
"Another way of doing it is passkeys, that’s when you put your fingerprint in or when you do facial recognition on your phone. These are second factors that prove that you’re you."
If you think you've been the victim of a cyber-attack you should speak to a parent, carer or an adult you trust. You can also find more information about avoiding scams on BBC Scam Safe.
This article was updated in May 2025.
Not sure if the news you’re seeing on social media is true or false? Can you always tell if the things you see online are real or fake? Learn how to get the other side of the story with our quizzes, videos and explainers.
