The NCSC announced that it has received one million phishing reports since launching its Suspicious Email Reporting Service. The cybersecurity experts commented below on the importance of reporting phishing emails and how it help to prevent the frauds.
When cybersecurity makes it into the headlines, it’s typically about a breach of consumer data or a costly ransomware incident. So it’s pleasantly surprising to see a positive report about the public stepping up and reporting email scams and threats. It would be easier for individuals to simply delete suspicious emails, but it’s reassuring to learn that many are taking the extra step to report with some brilliant results.
Mobilizing the public at large to remain watchful and report unusual activity is not foolproof – scammers are a moving target because they can easily change their tactics. The Suspicious Email Reporting Service is an approach that makes sense while offering reminders to individuals to stay alert.
Email remains a key vector for cybercriminals and it is no surprise to see so many phishing emails reported to the NCSC. At Mimecast, our recent State of Email Security report found that 60% of organisations believe it’s inevitable or likely they will suffer from an email-borne attack in the coming year. The same study found that 72 percent said phishing attacks remained flat or increased in the last 12 months. This is also exacerbated by the coronavirus pandemic, which has led to a real uptick in email-borne attacks. Our research found that detections were up a third during the first 100 days of the pandemic.
Security leaders need to invest in a strategy that builds resilience moving at the same pace as digital transformation. This means organisations must apply a layered approach to email security, one that consists of attack prevention, security awareness training, roaming web security tied to email efficacy, brand exploitation protection, threat remediation and business continuity.
It is a stark reminder that even in a time of global crisis cybercriminals have ramped up their attempts to exploit the anxieties of their victims, as the NCSC’s Suspicious Email Reporting Service hits its millionth submission. The launch of the reporting service was encouraging to see and it is clear that there has been a positive response to it from citizens.
Phishing attacks are one of the most effective methods of attack for cybercriminals and affect every institution and industry. There are increasing reports of cybercriminals using phishing emails to collect data from organisations in order to create fake websites and profiles; the attackers may then use those profiles to claim support under government aid schemes that have been setup to help during the crisis. But it’s not just businesses and organisations that are affected – citizens are arguably at the greatest risk of all. Masquerading as Coronavirus updates, information around the availability of masks and vaccine information – even posing as organisations looking for donations to charitable relief funds – are hard to spot but becoming increasingly common. Irregularities in emails, such as an unexpected emphasis on urgency, spelling and grammar mistakes and whether they expect an email from the sender are all signs that the email is a phishing attack.
The easy access to a suspicious email reporting service will help reduce the impact of phishing attacks and now it is important to make sure ordinary citizens and employees are aware of the red flags when receiving a phishing email. If it looks too good to be true or in any way suspicious, the best port of call is to never interact with it at all.