The UK's National Cyber Security Centre (NCSC) has recently raised the alarm over a disturbing trend affecting the retail sector: cyber criminals posing as IT support staff in a bid to gain access to sensitive systems. Amid this emerging threat, major household names such as Marks & Spencer, Co-op, and Harrods have reportedly fallen victim to cyber attacks, sparking serious concerns over the resilience of British high street brands in the digital age.

The Rise of Social Engineering in Cyber Attacks

Unlike brute-force hacking techniques or traditional malware-based intrusions, the latest wave of cyber crime is grounded in the subtle manipulation of human behaviour—a practice known as social engineering. This approach doesn’t rely on breaking into systems using code, but rather exploiting trust within an organisation.

Hackers have been reported to impersonate legitimate employees when contacting internal IT help desks. In doing so, they request password resets and seek to bypass multi-factor authentication (MFA), thereby gaining access to internal databases and sensitive consumer data. This method not only proves effective but also bypasses some of the most common cybersecurity safeguards.

The Impact on Major Retailers

The Co-op, one of the UK’s most recognised retail names, has acknowledged that it suffered a significant breach. Initially stating it had fended off the attack, the mutual later admitted that cyber criminals managed to extract the names and contact details of a substantial number of customers. In the days following the breach, shoppers witnessed product shortages in several stores as the company scrambled to resume standard deliveries.

Marks & Spencer, too, has been caught in the storm. The retail giant recently revealed that certain items were temporarily unavailable in store and online, owing to system disruptions linked to a cyber incident. Online orders were suspended for over a week while the company worked tirelessly to recover.

While Harrods has not publicly disclosed details, it has been named among the targets—highlighting that no brand, regardless of stature, is immune.

Expert Insight: Why Social Engineering Works

Rafe Pilling, Director of Threat Intelligence at Secureworks, noted that the nature of the NCSC's guidance hints strongly at social engineering being a key method of compromise. He elaborated that attackers often rely on highly convincing impersonation tactics to deceive staff into surrendering credentials or authorising password changes.

He also pointed out that had these attacks been the result of traditional malware infections, the NCSC would have likely issued a different set of recommendations. Instead, the emphasis on human-centred deception suggests that attackers are exploiting the weakest link in cybersecurity: the human factor.

Are These Attacks Connected?

At present, the NCSC has not confirmed whether the attacks on M&S, Co-op, and Harrods are part of a coordinated campaign or isolated incidents. The agency has insights into the breaches but is cautious in drawing conclusions. Whether this is the work of a single cyber crime syndicate or a coincidental cluster of similar tactics remains to be seen.

Nevertheless, the scale and timing of these attacks hint at an alarming trend that retailers cannot afford to ignore.

What Can Businesses Do to Protect Themselves?

To shield themselves from similar threats, British retailers—and indeed any company reliant on internal IT teams—must take immediate and practical steps:

1. Reinforce IT Help Desk Protocols

Help desks should be trained to rigorously verify the identity of any individual requesting access or password resets. Staff must be sceptical of requests that come under urgent or emotional pretences—a classic red flag in social engineering attempts.

2. Implement Tiered Access Controls

No single person should be able to override authentication measures without managerial sign-off. A multi-layered approach to access can slow down or block attackers even if they manage to manipulate one employee.
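Recommendations 1 and 2 above (verify identity rigorously, and require managerial sign-off before anyone overrides authentication) can be enforced in help-desk tooling rather than left to individual judgement under pressure. The following is an added illustration, not code from the article or from any of the retailers named; the tier names, verification methods, field names and sample requests are all assumptions constructed for this example. Actions that weaken authentication (MFA resets, bypass codes, new device enrolment) sit in a higher tier that needs more evidence and an approver who is neither the handling agent nor the account holder, and a caller's claim of urgency raises the evidence bar instead of lowering it.

```python
"""Policy check for help-desk credential-change requests (added example, not
the article's or any retailer's real process). Tiers, method names and the
request fields below are assumptions for illustration."""
from dataclasses import dataclass, field
from typing import Optional

# Evidence the agent has actually collected, not what the caller asserts.
VERIFICATION_METHODS = {
    "callback_to_number_on_file",  # agent calls back a number held in HR records
    "manager_confirmation",        # line manager confirms via a separate channel
    "in_person_id_check",
    "hr_record_challenge",         # answers checked against data not publicly findable
}

# Tier 1: routine password reset. Tier 2: anything that weakens authentication.
ACTION_TIER = {
    "password_reset": 1,
    "mfa_device_reset": 2,
    "mfa_bypass_code": 2,
    "enrol_new_mfa_device": 2,
}


@dataclass
class ResetRequest:
    ticket_id: str
    requester: str                 # account the caller claims to own
    action: str
    agent: str                     # help-desk agent handling the call
    verified_by: set = field(default_factory=set)  # completed VERIFICATION_METHODS
    urgency_claimed: bool = False  # caller pressed for speed or used an emotional pretext
    approver: Optional[str] = None # manager who signed off, if any


@dataclass
class Decision:
    allowed: bool
    blockers: list


def evaluate(req: ResetRequest) -> Decision:
    """Return whether the action may proceed and, if not, every reason it is blocked."""
    blockers = []
    tier = ACTION_TIER.get(req.action)
    if tier is None:
        return Decision(False, [f"unknown action {req.action!r}; escalate"])

    evidence = req.verified_by & VERIFICATION_METHODS
    required = tier  # tier 1 needs one method, tier 2 needs two
    if req.urgency_claimed:
        required += 1  # pressure is a social-engineering red flag: demand more, not less
    if len(evidence) < required:
        blockers.append(
            f"{len(evidence)} verification method(s) completed, {required} required"
            + (" (urgency claimed raises the bar)" if req.urgency_claimed else "")
        )

    if tier >= 2:
        if req.approver is None:
            blockers.append("tier 2 action requires independent manager sign-off")
        elif req.approver in (req.agent, req.requester):
            blockers.append("approver must not be the handling agent or the requester")

    return Decision(not blockers, blockers)


if __name__ == "__main__":
    # Constructed sample: an urgent MFA-bypass request with only one check done.
    sample = ResetRequest("T-0002", "j.smith", "mfa_bypass_code", "agent1",
                          {"callback_to_number_on_file"}, urgency_claimed=True)
    print(evaluate(sample))
```

The function returns every blocker rather than stopping at the first, so the agent sees the full list of what is still missing and the ticket system can record why a request was refused.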

3. Invest in Cyber Awareness Training

From customer service reps to senior executives, regular and realistic training scenarios can help build a ‘human firewall’. Employees who understand the psychological tactics used by hackers are less likely to fall prey.

4. Strengthen Monitoring and Logging

Advanced monitoring tools that detect unusual login attempts, access from unfamiliar IP addresses, or repeated requests for credential changes can help spot an attack in progress.
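The signals listed above (repeated credential-change requests, logins from unfamiliar addresses) are easy to describe and worth seeing as actual detection logic. The following is an added example, not code from the article or from the NCSC or any retailer; the pipe-separated log format, event names, the per-account baseline of known source addresses and the sample lines are all constructed for this illustration. It applies three checks to a stream of events: a sliding window over help-desk credential changes per account, a login from an address outside the account's baseline, and the combination of the two, which is the sequence the article's scenario would produce.

```python
"""Detection over constructed help-desk and login events (added example; log
format, event names, baseline data and sample lines are all assumptions)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log, hypothetical "timestamp|event|user|source_ip" format.
SAMPLE_LOG = """\
2025-05-01T09:00:12|login_success|j.smith|10.0.4.21
2025-05-01T09:05:40|helpdesk_password_reset|j.smith|10.0.4.21
2025-05-01T09:14:03|helpdesk_mfa_reset|j.smith|10.0.4.21
2025-05-01T09:20:55|helpdesk_password_reset|j.smith|10.0.4.21
2025-05-01T09:31:10|login_success|j.smith|203.0.113.77
2025-05-01T10:02:00|login_success|a.khan|10.0.4.88
2025-05-01T10:40:19|helpdesk_password_reset|a.khan|10.0.4.88
"""

# Constructed baseline: addresses each account is normally seen from.
KNOWN_SOURCES = {
    "j.smith": {"10.0.4.21"},
    "a.khan": {"10.0.4.88"},
}

CREDENTIAL_EVENTS = {"helpdesk_password_reset", "helpdesk_mfa_reset"}


@dataclass
class Event:
    ts: datetime
    kind: str
    user: str
    ip: str


def parse_log(text):
    """Parse the constructed pipe-separated format into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, user, ip = line.strip().split("|")
        events.append(Event(datetime.fromisoformat(ts), kind, user, ip))
    return events


def detect(events, window=timedelta(minutes=30), threshold=2):
    """Return (rule, user, detail) alerts, in time order.

    repeated_credential_change: `threshold` credential-change requests for one
        account inside `window` (fires once, as the threshold is crossed).
    unfamiliar_source_ip: successful login from an address not in the baseline.
    unfamiliar_login_after_credential_change: the same, but within `window` of
        a credential change on that account; the higher-priority signal.
    """
    alerts = []
    recent = defaultdict(list)  # user -> timestamps of recent credential changes
    for ev in sorted(events, key=lambda e: e.ts):
        bucket = recent[ev.user]
        bucket[:] = [t for t in bucket if ev.ts - t <= window]  # slide the window
        if ev.kind in CREDENTIAL_EVENTS:
            bucket.append(ev.ts)
            if len(bucket) == threshold:
                alerts.append(("repeated_credential_change", ev.user,
                               f"{len(bucket)} credential-change requests within {window}"))
        elif ev.kind == "login_success" and ev.ip not in KNOWN_SOURCES.get(ev.user, set()):
            if bucket:
                alerts.append(("unfamiliar_login_after_credential_change", ev.user, ev.ip))
            else:
                alerts.append(("unfamiliar_source_ip", ev.user, ev.ip))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(*alert)
```

In a real deployment the baseline would come from historical authentication data rather than a hard-coded dictionary, and the help-desk ticketing system would need to emit the credential-change events in the first place; the point of the example is that the correlation itself is simple once those two feeds exist.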

5. Zero Trust Security Models

Adopting a zero-trust architecture—where every request must be verified, regardless of source—ensures no user or system is automatically trusted. This significantly reduces risk, even from internal impersonators.

A Wake-Up Call for the British High Street

For many UK retailers, the timing of these attacks could not be worse. As the economy continues to recover from global disruptions and changing consumer habits, a breach of this nature not only affects operational continuity but also severely undermines customer trust.

Retailers hold vast amounts of sensitive data—from payment information to purchase histories. As such, they must treat cybersecurity as a boardroom priority, not merely an IT function. Investing in the human side of cyber defence is now just as important as having firewalls and antivirus software.

Final Thoughts

This spate of cyber attacks serves as a grim reminder that while technology can be patched and updated, human error remains a glaring vulnerability. As hackers grow more creative and manipulative in their methods, British retailers must respond with equally intelligent and adaptive defences.

The NCSC’s warning should not be treated as a one-off alert, but as the beginning of a sustained shift in how the UK’s retail sector approaches cybersecurity in an age of social engineering.