NCSC: One Million Phishing Messages Reported in Two Months
The National Cyber Security Centre (NCSC) has announced that in just two months of its Suspicious Email Reporting Service being launched, it has received one million reports.
NCSC chief executive officer Ciaran Martin called the number of reports a “milestone” and said it was “testament to the vigilance of the British public.”
He added: “The kind of scams we’ve blocked could have caused very real harm and I would like to thank everyone who has played their part in helping to make the internet safer for all of us.”
Ed Macnair, CEO of Censornet, said: “Although it is positive to see people being vigilant against spam and phishing attacks, these figures from the NCSC demonstrate the extent of the problem. Cyber-criminals will continue to capitalize on the hysteria surrounding COVID-19 to exploit both organizations and individuals, preying on their curiosity and vulnerability.”
Figures show that 10% of the scams were removed within an hour of an email being reported, and 40% were down within a day of a report. Also, 10,200 malicious URLs linked to 3485 individual sites have been removed thanks to the one million reports received.
The Suspicious Email Reporting Service was co-developed with the City of London Police. Its commander Karen Baxter said: “Unquestionably, a vast number of frauds will have been prevented, thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks.”
Fake cryptocurrency investment lures made up more than half of all the online scams detected as a result of reporting from the public. In these cases, investors are typically promised high returns in exchange for buying currency such as Bitcoin, but scammers masquerade as crypto exchanges or traders to trick people into handing over money by using fake celebrity endorsements and images of luxury items.
According to the FCA, cryptocurrency investment scams have cost the British public around £27m, as victims are encouraged to invest more and more money.
Macnair also warned of the danger of social engineering attacks, and said it is crucial that organizations take it upon themselves to protect employees from these email attacks in the first instance. “Businesses need to use email security that combines algorithmic analysis, threat intelligence and executive name checking to efficiently protect themselves against these evolving attacks,” he said.