A new website reporting tool from the UK's official National Cyber Security Centre lets people send the NCSC links to websites which they think are trying to scam the public.
The NCSC – which is a part of the government listening agency GCHQ – then analyses the site, and if found to be malicious a notice may be issued to the hosting provider for the site to be removed, preventing members of the public falling victim in future.
The NCSC among others has highlighted the problem of scam websites, including fake news pages where celebrities such as Sir Richard Branson appear to be endorsing investment schemes. Links to those pages were removed by the NCSC.
Last year, the NCSC created a Suspicious Email Reporting Service (SERS) whereby the public can forward suspected scam emails to email@example.com. If the emails are found to contain links to malicious websites, they will then be taken down by the service. It has received more than 6.5 million reports of malicious emails and resulted in the takedown of 50,500 online scams since its launch in April 2020.
The new website reporting tool means that, besides emails, the public can now report entire websites which they think might be fake and attempting to scam the public.
NCSC Technical Director Dr Ian Levy said: “We’ve had an overwhelming response to the Suspicious Email Reporting Service and we want the public to continue helping us tackle cyber criminals. We are excited to launch our new website reporting tool, which will allow people to report fake websites directly to us. With this tool, we’ll be able to request the take down of even more malicious content online and therefore protect more people from scams and fraudsters.”
At Mimecast, Field Chief Technologist, Johan Dreyer said: “It is really positive to see the NCSC make it easier for organisations to flag dodgy emails. According to Mimecast’s recent State of Email Security report, email remains the first source of cybersecurity issues for most businesses. The research found that 42pc of IT leaders acknowledge most cybersecurity incidents start with an employee clicking on a malicious link in an email and that phishing attacks rose 63pc in the last 12 months, so it is more important than ever that people are prepared. As we move into a world of hybrid working, this will become even more prevalent as criminal activity moves further online and simple human error will inevitably give way to increasingly more sophisticated impersonation and deception techniques. This new button will hopefully see widespread adoption, as many organisations follow the NCSC’s guidance.
“However, for this to be successful, it starts with employees actually understanding what constitutes a dodgy email. This requires cybersecurity awareness training from businesses, to ensure that employees are able to spot and flag suspicious emails. Unfortunately, the Mimecast State of Email Security report found that only 19% of companies currently provide cyber awareness training on an ongoing basis. This needs to improve to ensure employees, of all seniority levels, are not tricked to clicking dangerous links or sharing personal information with criminals. It is also likely that organisations which are more mature from a cybersecurity perspective will not take advantage of this initiative, as they’ll want to maintain some visibility of the reported items for their own internal purposes.”
And Steve Bradford, Senior Vice President EMEA, SailPoint said that the one-click button brings us a step closer to flagging anything that may appear suspect in an easier fashion, helping organisations clamp down on malicious activity faster.
“It will also help to normalise conversations around cyber security in the workplace. With cybercrime costing organisations more than £5m in the past 13 months, greater collaboration between government and business to stop threats in their tracks is critical.
“We are seeing criminals becoming increasingly more sophisticated – going beyond the use of celebrity figureheads, through to using tactics that are far more personal and harder to spot. From imitating CEOs, to emails that appear to be from IT support, often this means impersonating those in positions of authority and taking advantage of who we trust.
“Cyber criminals will use any tactic to trick people into handing over sensitive information. We must fight cybercriminals with intuitive technology such as identity security, a security practice that helps spot unusual activity from a user quickly, to protect the workforce and reduce the risk of cyber-attacks and data breaches.”