Phishing: 160,000 dodgy emails flagged to scam-busting service in just two weeks

NCSC's suspicious email reporting service leads to the direct closure of phishing and other fraudulent websites - some exploiting coronavirus - in just two weeks.
Written by Danny Palmer, Senior Writer

Over 300 phishing and scam websites – many related to coronavirus – have been taken down by UK intelligence services after the general public flagged over 160,000 suspicious email messages.

Launched last month, the suspicious email-reporting service is an initiative by the UK National Cyber Security Centre – the cyber arm of GCHQ which aims to track down and close cyber-criminal and fraudulent websites through tip-offs from the general public forwarding suspicious emails to the NCSC.

After receiving 5,000 tip-offs on the first day of the service, the first two weeks have seen 160,000 suspicious emails reported to the NCSC, directly leading to 300 cyber-criminal enterprises being taken down.

SEE: Cybersecurity: Let's get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

"This really is a phenomenal response from the British public. I would like to thank them for embracing our reporting service as well as the many organisations which have promoted it," said Ciaran Martin, chief executive of the NCSC.

"While cyber criminals continue to prey on people's fears, the number of scams we have removed in such a short timeframe shows what a vital role the public can play in fighting back."

Many scams being reported to the NCSC include websites claiming to sell coronavirus-related products such as testing kits, face masks and even vaccines – which currently don't exist. Anyone entering details into these websites are likely just to get their personal information and bank details stolen.

Other fraudulent websites taken down include fraudulent – but convincing – versions of government websites, as well as the TV-licensing website. The scammers behind these pose as legitimate organisations in an effort to trick victims into handing over bank details.

The suspicious email-reporting service was co-developed by the City of London Police and the service will help police forces across the country to identify new kinds of online fraud – and to take down malicious websites quickly.

"While the world is coming together to combat this global health crisis, criminals are intent on exploiting our unease, anxiety and vulnerabilities in these unprecedented times," said Commander Karen Baxter, national lead for fraud at the City of London Police.

"Fraud is an incredibly underreported crime. The more the police know about fraud, and fraud attempts, the better chance they have of tracking down those responsible and bringing them to justice," she added.

SEE: Coronavirus: Business and technology in a pandemic

Members of the public are urged to continue to forward suspicious messages to the NCSC at report@phishing.gov.uk – and to be mindful about emails and potentially fraudulent offers they see online.

"I would urge people to remain vigilant and to forward suspect emails to us. If it looks too good to be true, it probably is," said Martin.

While the overall number of phishing emails, malicious websites and cyberattacks hasn't gone up, cyber criminals are increasingly turning to coronavirus as a subject to lure victims into giving away login credentials, payment card details and other personal information.

The sudden rise in remote working has also caused additional security risks for both people and the organisations they work for.


Editorial standards