
One less-than-welcome feature of the pandemic is a significant rise in fraud levels, often originating online and via emails. New research shows that the Financial Conduct Authority (FCA) was the target of almost a quarter of a million malicious and unsolicited emails in the final quarter of last year.

The official figures, obtained under the Freedom of Information Act, found that the FCA received 238,711 of these scam and spam emails in quarter four of 2020, averaging around 80,000 email attacks a month.

The analysis by litigation firm Griffin Law looked at the breakdown of these emails blocked by FCA systems between October and December last year.

99% of the blocked emails were categorised as ‘spam’, including everything from unsolicited marketing messages to advertising emails.

However, spam emails also included a number of ‘phishing’ emails, which are designed to impersonate a person or brand, to steal data from the recipient.

The analysis found that 2,402 emails received by the FCA in the period contained ‘malware’ designed to disrupt, take over or damage victims’ software or data. Some examples of malware include trojans, viruses, spyware, adware, and worms.

November 2020 was the worst month for email attacks at the FCA, with 84,723 malicious emails recorded in total.

Back in February 2020, the FCA was criticised for accidentally revealing the personal information of around 1,600 people. The FCA accidentally published the names, addresses and phone numbers of these people in a document shared on its website, when responding to a different Freedom of Information Act request.

Griffin Law pointed out that all known cyber attack emails sent to the FCA were successfully blocked, and the FCA has consistently published warnings about scam campaigns throughout the pandemic.

Cyber security specialist Tim Sadler, CEO at Tessian, said:

“The scale of the phishing problem, today, is huge. Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020. Why? Because it’s much easier to hack a human to hack an organisation than it is to hack a company’s software.

“Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it.

“It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.

“Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams.”

Donal Blaney, principal at Griffin Law, said:

“This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive.

“Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data.

“On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”