A University of Gloucestershire cyber expert is urging shoppers to be aware of three scams when buying online for Christmas.

As more time is spent buying online heading towards Christmas, Professor Kamal Bechkoum, head of the university's School of Computing and Engineering, has backed the National Cyber Security Centre's (NCSC) warning to shoppers about fake shops, scam messages and bogus adverts.

Professor Bechkoum said: "It's worth remembering more than 90 per cent of cyber breaches happen because of human error.

"The biggest danger is coming from three rapidly growing types of cyber 'phishing', where hackers pose as someone you might know or a real organisation, to lure victims into giving away access to their personal data, such as usernames, passwords or credit card numbers."

He said mass phishing is where an email, text or social media message is sent to thousands of people demanding urgent action, such as clicking on a weblink or downloading an attachment.

The second scam is 'spear phishing,' where messages are far more personal and believable.

Professor Bechkoum continued: "The final type is the highly sophisticated 'clone phishing,' which involves hackers replicating a genuine email address or social media profile to create a nearly identical copy of a real person or organisation contacting you.

"Although messages from cloned email addresses or social media accounts might look like the genuine article, they usually contain malicious links to malware that attempts to steal personal information and your contact lists."

The Government's latest report on cyber security breaches found 39 per cent of businesses experiencing an attack were hit by phishing attempts.

Similarly, The 2022 State of the Phish Report found 91 per cent of organisations had faced phishing attacks during 2021.

Professor Bechkoum said: "We can all take three key steps to combat cyber-phishing and these come under the headings of 'people, equipment, and procedures'.

"For people, are you or your firm fully trained to spot and prevent a wide range of cyber-threats? If not, consider learning more or getting professional help to improve your knowledge. People are always the very first and last line of defence."

When it comes to equipment, Professor Bechkoum said it is important to check that passwords are updated, firewalls are in place and you have the latest antivirus systems installed. A business should have policies that block phishing attacks and keep systems secure.

He continued: "Finally, when it comes to procedures, do you have good personal 'cyber-hygiene?' Do you always review or reject unexpected messages, and approach every online message with caution?

"Does your organisation have clear policies on password requirements, access control, portable devices and remote working, handling sensitive data and a plan of how to handle a cyber attack?

"Keeping up to date with cyber security is becoming a requirement of our everyday lives, and for company directors it's a crucial demand."