One of the UK’s most influential financial regulators was targeted by 238,711 malicious and unsolicited emails over the final three months of 2020, averaging around 80,000 email attacks per month.
The Financial Conduct Authority (FCA) faced the deluge of attempted attacks according to official figures obtained by the Freedom of Information (FOI) act and analysed by Griffin Law, a leading litigation firm.
A 99% of all blocked emails were defined as spam, which includes unsolicited marketing and advertising emails and phishing emails. The FCA also recorded 2,402 emails potentially containing malware.
“The scale of the phishing problem, today, is huge,” said Tim Sadler, CEO, Tessian, the cybersecurity startup that raised a $42m Series B round in 2019. “Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020. Why? Because it’s much easier to hack a human to hack an organisation than it is to hack a company’s software.
“Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.
“Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams.”
Donal Blaney, principal at Griffin Law, added, “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive. Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant.
“Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”
Copyright © 2018 RegTech Analyst
