BBC News are reporting this morning that An attempt to defraud thousands of people using a bogus email from a UK airport was one of a range of cyber-attacks prevented last year. The scam used a fake gov.uk address, but the messages were prevented from ever reaching their intended recipients. The details were revealed by GCHQ’s National Cyber Security Centre in an annual report. In all, NCSC disclosed it had stopped 140,000 separate phishing attacks.
Email scammer's plan to defraud 200,000 airport customers is foiled: The NCSC's Active Cyber Defence report outlines how the scheme has helped defend the UK from hackers – and outlines plans for continuing to do so in future. https://t.co/ZckW28XXqj pic.twitter.com/hxWGa0gIDy
— Global Cyber Threat Intel (@cipherstorm) July 16, 2019
Experts Comments:
Corin Imai, Senior Security Advisor at DomainTools:
Kelvin Murray, Senior Threat Researcher at Webroot:
Phishing is over 20 years old and remains an extremely popular method of attack, that has seen constant innovation this year. Despite the wide scope of this report and the many threats outlined, the methods of mitigating these attacks should be familiar to organisations. A multi-factorial approach combining user education, updates, DNS, file, email and URL filtering is vital to keeping the enterprise safe from these attacks. In addition, an emphasis on collaboration in the information security sector as a whole will help us stay one step ahead of the bad guys.”
Rob Norris, VP Enterprise and Cyber Security at Fujitsu:
“Unfortunately one of the simplest methods of stealing sensitive information is through a basic email phishing campaign, as proved by the fact that NCSC stopped 140,000 phishing attacks last year alone. This is partially because organisations still rely heavily on email to communicate both internally and externally, but also because of the human factor. Human behaviour is cited as the biggest challenge in email security, therefore it is imperative that businesses prioritise vigilance and awareness through education and training.
“I would advise that some of the things we can do to identify suspected email security threats are hovering over the email hyperlinks before clicking to see the web address; blocking executable files and emails with large attachments; being mindful of password reset emails; and using a VPN when working remotely or using public WiFi. In today’s digital world, no one is immune from data theft, and being vigilant, both as an employee and as a consumer, is paramount.”