- The National Cyber Security Centre (NCSC) issues first-ever
guidance for consumers buying or selling second-hand
internet-connected devices
- Transactions involving pre-owned tech expected to increase in
the weeks immediately following the festive period
- Shoppers urged to consider guidance carefully when thinking
about buying or selling used devices to ensure their personal
data is not accessed by criminals
People looking to buy and sell second-hand tech devices in the
post-Christmas sales are being urged to follow new guidance to
protect them from having valuable data such as bank details
stolen by cyber criminals.
The brand-new Buying and Selling Second-Hand Devices
guidance published today (Monday 28 December) by the National
Cyber Security Centre – a part of GCHQ – outlines the steps
people can take to protect their personal data when buying or
selling used tech.
Traditionally, the post-Christmas and New Year period sees a rise
in the number of people selling their second-hand devices, such
as mobile phones and tablets, as they have been replaced by newer
versions over the festive season.
These devices – especially smartphones – contain more work,
personal, and financial data than ever before, and this guidance
highlights the importance of erasing this before selling so that
it does not inadvertently fall into the hands of criminals.
The NCSC is also encouraging shoppers who buy a second-hand
device to familiarise themselves with advice from the
government’s Cyber Aware campaign,
which encourages users to ensure their devices are kept up to
date and to turn on two-factor authentication on their online
accounts.
Sarah Lyons, NCSC Deputy Director for Economy and
Society, said:
“At this time of year many of us take advantage of the pre-owned
tech market, either to grab a bargain or cash in on a device we
no longer need.
“We want consumers to make the most of this market, but we also
want them to be aware of the risks around security and personal
data and what they can do to protect themselves.
“As people look towards the post-Christmas sales we would
encourage them to follow the steps in our ‘Buying and Selling
Second-hand Devices’ to help them stay secure and shop with
confidence.”
The advice, which can be found in full on the NCSC’s website,
includes tips on
- what to do before you erase the data on your device;
- how to erase the data on your device;
- choosing a second-hand device, and;
- things to know before using a second-hand device.
Kate Bevan, Which? Computing Editor,
said:
"Our research has found significant numbers of smart devices are
being resold, but are no longer supported with security updates
from manufacturers, leaving users vulnerable to hackers.
"Anyone considering buying a second-hand device should find out
when it was released and check if the manufacturer is still
providing updates before parting with their cash.
"As the secondary and refurbished market continues to grow for
tech products, manufacturers must be more transparent about the
lifespan of devices and how long they'll provide security updates
for, so people can make clear decisions and aren't at risk of
buying unsupported devices."
Earlier this year, the NCSC and the City of London Police
launched the Suspicious Email Reporting Service (SERS), which
received 2.3 million reports from the public in its first four
months resulting in thousands of malicious websites being taken
down. Members of the public who have received a
suspicious-looking email over the holiday period should forward
it to report@phishing.gov.uk.
More advice on protecting yourself and your family online can be
found by visiting the government’sCyber Aware website, which
details six practical steps that help protect against the
majority of common cyber threats.
