In today’s digital-first world, cyber attacks on major retailers can have a ripple effect far beyond the companies themselves. Recently, reports of cyber attacks targeting UK retailers, including Co-op and Marks and Spencer, have sparked concern among customers and cybersecurity experts alike. As fraudsters seize the opportunity to exploit data breaches and heightened consumer anxiety, it has become more important than ever to know how to protect against Co-op and Marks and Spencer scams after a cyber attack.
Co-op and M&S have been hit with major cyberattacks in the past few weeks, causing disruption to online orders and stock availability in stores. M&S online orders have been paused since 25 April, with no indication as to when things may return to normal.
Both retailers have also warned that some customer data was accessed by the hackers, understood to be a criminal group named DragonForce.
A significant amount of data from 20 million past and current Co-op members was compromised, while M&S says that some customers’ contact details, dates of birth and online order histories were stolen.
In this blog post, we’ll walk you through how these scams work, what to look out for, and most importantly, how to protect yourself against the Co-op and Marks and Spencer scams after a cyber attack.
Understanding the Cyber Attack Landscape
Cyber attacks have become increasingly sophisticated and frequent, especially targeting industries that manage a large volume of consumer data. Retail giants like Co-op and Marks and Spencer store millions of customer records—from names and email addresses to payment details and loyalty points.
When these companies experience a cyber breach, the data obtained can be used to craft highly personalized scams. According to the UK’s National Cyber Security Centre (NCSC), phishing attempts surge immediately after high-profile breaches as hackers use the data to impersonate legitimate businesses.
How Retail Cyber Attacks Lead to Scams
When a cybercriminal gains access to a retailer’s systems, they may walk away with:
- Customer names and addresses
- Email and phone numbers
- Order histories
- Loyalty card information
- Payment data (encrypted or unencrypted)
This wealth of information allows scammers to build what cybersecurity experts call “social engineering attacks.” These are tailored scams that appear legitimate because they mirror real transactions or interactions you’ve had with the brand.
For example, a fraudster might send an email that reads:
“Hi Sarah, we noticed a suspicious login to your Co-op membership account. Please confirm your identity to avoid losing your loyalty points.”
That level of detail is only possible when scammers have access to private information—often leaked during a data breach.
Types of Scams Targeting Co-op and M&S Customers
1. Phishing Emails
Scammers often create emails that look official, using familiar logos and branding. Common themes include:
- Account suspension or verification notices
- Fake refunds or delivery issues
- Loyalty point alerts
2. Smishing (SMS Phishing)
Text messages impersonating Co-op or M&S with malicious links to fake websites or apps. These may include messages like:
- “Claim your compensation now!”
- “Unusual login detected, verify here.”
3. Fake Customer Service Calls
Fraudsters may call pretending to be from customer service or fraud prevention teams, asking for:
- Personal identification details
- Payment confirmation
- Account recovery info
4. Fake Websites
Scammers use domain names that closely resemble official Co-op or M&S URLs. These spoofed sites may:
- Ask for login credentials
- Mimic real checkout pages
- Display fake order confirmations
5. Refund and Loyalty Point Scams
Scammers claim that customers are entitled to a refund, voucher, or bonus points to trick them into giving out bank account info.
Real-World Examples of Co-op and M&S Scam Messages
Email Example:
From: [email protected]
Subject: Co-op Account Suspended
“We’ve temporarily locked your account due to unusual activity. Click here to verify.”
SMS Example:
“M&S: Your parcel could not be delivered. Please reschedule your delivery at [fake URL]”
Phone Scam:
“Hello, this is Sarah from Co-op security. We’ve noticed fraudulent use of your loyalty card. Can you confirm your date of birth and card number to secure your account?”
Top 15 Tips to Protect Yourself After a Cyber Attack
1. Change Your Passwords Immediately
Start with your Co-op and M&S accounts, then move on to other accounts that share the same or similar passwords.
2. Use a Password Manager
Create strong, unique passwords for each account and store them securely using a tool like Dashlane or 1Password.
3. Enable Two-Factor Authentication (2FA)
Adds a second layer of security to your login process.
4. Verify All Communications
Never respond directly to messages claiming to be from Co-op or M&S without verifying through official websites.
5. Beware of Urgent Language
Scammers often use fear or urgency to get you to act quickly.
6. Use Antivirus Software
Install comprehensive antivirus and anti-malware tools on all devices.
7. Keep Software Updated
Ensure your operating system, apps, and browsers are up-to-date with the latest security patches.
8. Monitor Your Bank and Credit Reports
Regularly check statements and consider signing up for credit monitoring services.
9. Report Suspicious Activity
Use official channels like Action Fraud and 7726 to report scams.
10. Lock or Replace Loyalty Cards
Call customer service and request a new card or account number.
11. Freeze Your Credit File (if needed)
Consider freezing your credit to prevent new account fraud.
12. Use a Secure Wi-Fi Connection
Avoid using public Wi-Fi when logging into accounts or making purchases.
13. Turn on Login Alerts
Receive notifications of any logins to your accounts.
14. Educate Your Household
Ensure that everyone in your home knows how to spot scam messages.
15. Keep Backups of Important Data
Store important documents and digital assets in secure, off-site or cloud storage.
How to Identify a Fake Website or Message
- Look for spelling errors and typos
- Hover over links to preview the destination URL
- Check the domain: e.g., coop-uk-secure.com is not the same as coop.co.uk
- Secure sites use HTTPS
- Avoid pop-ups demanding immediate actions
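The domain check from the list above, as an added example that is not part of the original post: it compares a link's real host against an allow-list on label boundaries, so brand names placed in a subdomain, a hyphenated name, or before an "@" do not pass. The allow-list (coop.co.uk is from the page, marksandspencer.com is an assumption), the brand keyword list, and the function name are all assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumed allow-list: coop.co.uk is named on the page; marksandspencer.com
# is an assumption added for this example.
OFFICIAL_DOMAINS = ("coop.co.uk", "marksandspencer.com")
# Hypothetical brand keywords, compared after hyphens and dots are removed.
BRAND_TOKENS = ("coop", "marksandspencer")


def classify_link(url):
    """Return 'official', 'lookalike', 'unknown' or 'invalid' for a link."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and port, which is the part
        # the browser actually connects to.
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"

    # Match the whole host or a true subdomain only. A plain suffix test
    # would wrongly accept "evilcoop.co.uk".
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"

    # Not official: does the link still display a brand name anywhere in
    # its network location (subdomain, hyphenated name, or userinfo)?
    squashed = parts.netloc.lower().replace("-", "").replace(".", "")
    if any(token in squashed for token in BRAND_TOKENS):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links; coop-uk-secure.com is the page's own example.
    for link in (
        "https://www.coop.co.uk/membership",
        "http://coop-uk-secure.com/verify",
        "https://coop.co.uk.account-check.example/login",
        "https://www.marksandspencer.com@parcel-redelivery.example/",
    ):
        print(f"{classify_link(link):10} {link}")
```

A "lookalike" result means the link uses a brand name without being on the allow-list; short keywords such as "coop" can also match unrelated sites, so treat it as a prompt to check, not a verdict.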
Steps Co-op and Marks and Spencer Are Taking
- Working with cybersecurity experts to investigate breaches
- Updating customer service protocols
- Rolling out secure login options
- Sending out public notices to affected users
- Providing dedicated scam-reporting hotlines
Reporting Scams and Staying Informed
- Report phishing emails to: [email protected]
- Forward scam texts to: 7726
- Report scams to Action Fraud: actionfraud.police.uk
- Stay subscribed to newsletters from cybersecurity organizations like Get Safe Online
Legal Rights and Consumer Protections in the UK
UK consumers are protected under various laws including:
- The Data Protection Act 2018: Retailers must safeguard your data.
- Consumer Rights Act 2015: You are entitled to refunds and protections for purchases made under false pretenses.
- Financial Conduct Authority (FCA): Offers consumer protection for financial fraud.
If your data was misused, you may also be able to file a claim for damages. Contact organizations like the ICO or a solicitor for further guidance.
Resources for Ongoing Protection
- NCSC Cyber Aware
- Which? Scam Alerts
- Take Five to Stop Fraud
- Have I Been Pwned
- Citizens Advice Consumer Protection
When trusted brands like Co-op and Marks and Spencer fall victim to cyber attacks, scammers seize the opportunity to defraud unsuspecting customers. But with the right knowledge, tools, and vigilance, you can significantly reduce the chances of becoming a victim.
Use this guide as a toolkit not only to protect yourself but to help educate those around you. Share this blog post with friends, family, and colleagues who may shop with these retailers.