The NCSC said it has seen a spike in the numbers of this type of scam since the pandemic and has been tracking the number of cases since April 2020.
Since then, 4,151 cases have been uncovered and the affected businesses alerted. The agency said in the majority of cases, scammers had infiltrated the websites via a known vulnerability in Magento, a popular e-commerce software.
Shoppers have been told they can protect themselves by being selective about where they shop online, not giving more information than is necessary and using secure third-party payment methods such as PayPal, Apple Pay and Google Pay.
NCSC Deputy Director for Economy and Society Sarah Lyons said: “We want small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period.
“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage.
“It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date.”
Since the pandemic, more and more high street businesses have been setting up websites to trade online.
However, small businesses were warned that not keeping software up to date could allow hackers to steal customers data and damage their businesses reputation.
Graham Wynn, the British Retail Consortium Assistant Director for Consumer, Competition and Regulatory Affairs added: “Skimming and other cyber security breaches are a threat to all retailers.
“The British Retail Consortium strongly urges all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period.
“The Cyber Resilience Toolkit for Retail, produced in partnership with NCSC, is available on the British Retail Consortium’s website for retailers to consult and boost cyber defences.”