More websites hosting phishing domains and other online scams have been taken down during the last year than during the previous three years combined.
The UK’s National Cyber Security Centre’s (NCSC) fourth annual Active Cyber Defence
report details how it helped remove the increased number of scams from the internet:
- In total, more than 1.4 million URLs responsible for 700,000 online scams have been removed by the NCSC during the last 12 months.
The last year has seen a big rise in Covid-19 themed cyber-crime and the NCSC has helped to remove thousands of URLs associated with phishing and malware attacks using warnings about Covid-19 or false offers of vaccines.
These Covid themed attacks probably account for the rise in online scams given that millions of people were working from home and therefore represented a huge target for cyber-criminals.
- The NCSC also helped to take down fake online shops hosted in the UK, as well as fake celebrity endorsement scams used in an attempt to lure people into falling victim to cyber-attacks.
- Often these scams begin with phishing messages which take victims through several URLs before they land on the final malicious site.
Scams and phishing campaigns designed to look like they came from the government, the NHS, HMRC and other high profile organisations have all been detected and removed.
With a slightly Churchillian tone the NCSC said it aims to protect, “the majority of people in the UK from the majority of the harm caused by the majority of the cyber-attacks the majority of the time.”
- NCSC tools in the fight against cyber-crime include the NCSC’s Suspicious Email Reporting Service, a feature introduced last year which allows members of the public to forward emails suspected to be fraudulent, directly to the NCSC for further investigation.
To date, the NCSC service has received over four million emails and has helped identify more than 1.5 million malicious URLs leading to the takedown of tens of thousands of scams that hadn’t previously been identified.
One-in-three reported emails contain malware
Following on from this it won’t be a surprise to discover the findings of a recent report which said that one-in-three suspicious emails reported by employees of commercial organisations are malicious.
- The survey analysed over 200,000 emails that were flagged by employees from organizations across the globe in the first half of 2021, and found that 33% of the reports could be classified as phishing.
Phishing emails, for instance, can claim to be from a delivery company and ask the user to re-schedule a fake delivery, or from bank requiring some sort of update or confirmation.
- What phishing mails all have in common is that they try to convince the recipient to take action by clicking a link, providing some sensitive information or downloading an attachment, giving the hacker a way into carrying out an attack.
While phishing can occur through various means, including social media and even the phone, email is the most common method and accounted for over half of infection attempts in 2020. Make sure you’re always protected with BullGuard