A million phishing reports sent to NCSC service in two months

News by Andrew McCorkell

The Suspicious Email Reporting Service has received more than a million reports of scam emails, National Cyber Security Centre announces.

Fake cryptocurrency investment offers account for more than half of all online scams detected through reporting from the public, the National Cyber Security Centre has confirmed.
The one million milestone was racked up in just two months with the influx of cryptocurrency investment scams among a range of online threats which have been blocked.
More than half of the 10,000 online links to scams blocked or taken down by the National Cyber Security Centre (NCSC) are for cryptocurrency schemes, where investors are promised high returns in return for buying blockchain currency such as Bitcoin.
Phillip Hay, head of threat intelligence analysis at Mimecast said that email remains a “key vector” for cybercriminals and it is no surprise to see so many phishing emails reported to the NCSC. 
Hay said: “At Mimecast, our recent State of Email Security report found that 60 percent of organisations believe it’s inevitable or likely they will suffer from an email-borne attack in the coming year. The same study found that 72 percent said phishing attacks remained flat or increased in the last 12 months. This is also exacerbated by the coronavirus pandemic, which has led to a real uptick in email-borne attacks. Our research found that detections were up a third during the first 100 days of the pandemic.”
Hay added that security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation.
He said: “This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.”
The scheme launched in April as part of the Government’s Cyber Aware campaign, receiving a daily average of 16,500 emails.
While cryptocurrency scams are the main scams detected, there have been cases of fake online shops and spoofs involving brands such as TV Licensing, HMRC, Gov.uk and the DVLA.
The figures show that 10 percent of the scams were removed within an hour of an email being reported, and 40 percent were down within a day of a report. 
Some 10,200 malicious URLs linked to 3,485 web sites have been.
The service was co-developed with the City of London Police and will also support UK policing with a live time analysis of reports and identifying new patterns in online offending.
Commander Karen Baxter, from the City of London Police, said: “Unquestionably, a vast number of frauds will have been prevented, thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks.”
Paul McEvatt, senior threat and intelligence manager, Fujitsu EMEIA said million mark was a “stark reminder” that even in a time of global crisis cybercriminals have ramped up their attempts to exploit the anxieties of their victims.
“Phishing attacks are one of the most effective methods of attack for cybercriminals and affect every institution and industry. There are increasing reports of cybercriminals using phishing emails to collect data from organisations in order to create fake websites and profiles; the attackers may then use those profiles to claim support under government aid schemes that have been set up to help during the crisis.
McEvatt said that it’s not just businesses and organisations that are affected, with ordinary citizens arguably at the greatest risk of all. 
He said: “Masquerading as Coronavirus updates, information around the availability of masks and vaccine information – even posing as organisations looking for donations to charitable relief funds – are hard to spot but becoming increasingly common. Irregularities in emails, such as an unexpected emphasis on urgency, spelling and grammar mistakes and whether they expect an email from the sender are all signs that the email is a phishing attack.”
Matt Lock, technical director UK at Varonis said it was “pleasantly surprising” to see a positive report about the public stepping up and reporting email scams and threats. Lock said: “It would be easier for individuals to simply delete suspicious emails, but it’s reassuring to learn that many are taking the extra step to report with some brilliant results.
“Mobilising the public at large to remain watchful and report unusual activity is not foolproof - scammers are a moving target because they can easily change their tactics. The Suspicious Email Reporting Service is an approach that makes sense while offering reminders to individuals to stay alert.”
Ed Macnair, CEO of Censornet, said that although it is positive to see people being vigilant against spam and phishing attacks, these figures from the NCSC demonstrate the extent of the problem. Cybercriminals will continue to capitalise on the hysteria surrounding Covid-19 to exploit both organisations and individuals, preying on their curiosity and vulnerability. Despite the success of this Suspicious Email Reporting Service, there are still social engineering attacks that will continue to slip through the net due to human error.
“It is crucial that organisations take it upon themselves to protect employees from these email attacks in the first instance. Businesses need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks,” said Macnair.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews