More than one million suspect emails have been reported by the public to the UK official National Cyber Security Centre (NCSC) inside two months, through its Suspicious Email Reporting Service.
Some 10,000 online links to scams have been blocked or taken down as a result. More than half relate to cryptocurrency schemes, where investors are typically promised high returns in exchange for buying currency such as Bitcoin. The scams have all been detected since the launch in April of the service, a tool which allows the public to forward suspect emails which may link to fraudulent websites, as part of the Government’s Cyber Aware campaign. A daily average is of 16,500 emails that include numerous examples of fake online shops and spoofs involving brands such as TV Licensing, HMRC, Gov.uk and the DVLA.
NCSC Chief Executive Officer Ciaran Martin, said: “Reaching the milestone of one million suspicious emails reported is a fantastic achievement and testament to the vigilance of the British public. The kind of scams we’ve blocked could have caused very real harm and I would like to thank everyone who has played their part in helping make the internet safer for all of us.
“While it’s right that we should celebrate reaching this milestone, it is important for all of us to remain on our guard and forward any emails that don’t look right to [email protected].”
Commander Karen Baxter, of the City of London Police, the UK’s lead police force for fraud, said: “Phishing is often the first step in a lot of fraud cases we see. It provides a gateway for criminals to steal your personal and financial details, sometimes without you even realising it, which they can then use to take your money.
“Unquestionably, a vast number of frauds will have been prevented, thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks.”
Visit https://www.ncsc.gov.uk/information/report-suspicious-emails.
Comments
Paul McEvatt, Senior Threat and Intelligence Manager, Fujitsu EMEIA, said: “But it’s not just businesses and organisations that are affected – citizens are arguably at the greatest risk of all. Masquerading as Coronavirus updates, information around the availability of masks and vaccine information – even posing as organisations looking for donations to charitable relief funds – are hard to spot but becoming increasingly common. Irregularities in emails, such as an unexpected emphasis on urgency, spelling and grammar mistakes and whether they expect an email from the sender are all signs that the email is a phishing attack.”
And Phillip Hay, Head of Threat Intelligence Analysis at cyber firm Mimecast, said: “Email remains a key vector for cybercriminals and it is no surprise to see so many phishing emails reported to the NCSC. At Mimecast, our recent State of Email Security report found that 60 per cent of organisations believe it’s inevitable or likely they will suffer from an email-borne attack in the coming year. The same study found that 72 percent said phishing attacks remained flat or increased in the last 12 months. This is also exacerbated by the coronavirus pandemic, which has led to a real uptick in email-borne attacks. Our research found that detections were up a third during the first 100 days of the pandemic.
“Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.”
