BATHROOM and kitchen surface manufacturer Rearo has warned businesses to be aware of a new online scam, after it was targeted in a significant cyberattack.
The Glasgow-based producer of high-pressure laminate wall panels and worktops said criminals, posing as online customers, tried to place thousands of fictional orders in an attempt to validate stolen credit and debit card numbers.
Successful combinations would then have been used by fraudsters to purchase goods and services elsewhere, Rearo believes.
The company – which supplies a range of UK businesses including fast food restaurants, supermarkets, and high street chains – alerted police to the scam and is now urging companies to tighten their online systems to avoid being targeted in the same way.
While the attack did not inflict any cost or damage on Rearo directly – it was identified before any of the orders were shipped – its systems were used as a “Trojan horse” to verify the legitimacy of credit card numbers for future illicit use.
Stuart Hutcheson, Rearo’s IT implementation manager, said the company only learned about the scam after noticing a pattern of thousands of unsuccessful online purchases over the course of a weekend.
He said: “We had processed around 180 orders through our website and ERP (enterprise resource planning) system, but the cyberattackers had attempted a staggering 4,800 transactions, which shows you the scale of their operation.
“They were clearly attempting to validate credit card number combinations for use elsewhere. Although their success rate was a mere 8-9%, it underscores the gravity of the situation.”
The nature of the attack highlights a growing trend in cybercrime, where criminals target legitimate online platforms to validate stolen financial information, facilitating subsequent fraudulent transactions, according to Rearo.
Mr Hutcheson said: “They buy data from illegitimate sources and then feed these credit card numbers into an algorithm, attempting to match the correct combinations. While the attack did not cause significant financial losses to us, it led to considerable disruption and a time-consuming manual recovery process for the affected transactions.
“This phenomenon is gaining traction. We know of two other businesses, which manage online sales, which have been affected recently. It’s becoming a more mainstream threat.”
The company – which also has outlets in Fife, Tyneside and Northampton – believes its experience should serve as a wake-up call to all businesses to shore up their cyber defences.
It has gained Cyber Essentials accreditation – a standard endorsed by the UK Government – that will require audits of its network security, access controls, policies, and hardware configurations to ensure the safeguarding of critical data.
Mr Hutcheson also stressed the need for businesses to educate their staff on cyber security, not only in the workplace but extending to their own personal online activities, such as home banking.
Rearo has implemented a range of new measures including multi-factor authentication and heightened password policies, as the company pivots toward the kind of comprehensive cybersecurity practices it believes are essential for survival in the digital age.
“After the pandemic, remote work became a norm and, with it, the landscape of IT security evolved,” Mr Hutcheson noted. “A renewed emphasis on data security is crucial. The skills required in this field are constantly evolving and organisations, especially SMEs, must invest in staying ahead of cyber threats.”
He added: “It’s also important for businesses to raise awareness about cyber security issues among their employees and customers.
“We are planning to provide cyber security training to staff, educating them about data protection, safe online practices, and the importance of securing their own digital lives.”
Established in Shetland 50 years ago, Rearo has a 67,000 sq ft manufacturing base in Govan, with showrooms and distribution centres in Fife, Tyneside, and Northampton. A new branch in Skelmersdale opened earlier this year.