The UK’s cyber defence operation has thwarted a major airport email phishing campaign, which used a fake gov.uk address in an attempt to get over 200,000 airline passengers to hand over cash on the premise that they would receive an increased refund by doing so.
This was just one of the 140,000 separate phishing attacks blocked last year, according to the National Cyber Security Centre (NCSC) annual report.
While the NCSC has not shared the name of the airport which was targeted last summer, it did reveal that the emails never reached their intended recipients, as it successfully blocked them from being sent. The GCHQ-backed body also took the scammer’s real email address offline to prevent any replies from being received.
"National Cyber Security Centre took down 190,000 fraudulent websites."
According to the annual report, the organisation also took down 190,000 fraudulent websites. The centre said that 64% of illegal sites were offline within 24 hours of being discovered and 99.3% eventually went dark.
Another success was an apparent reduction in the number of attacks in which fraudsters had posed as HM Revenue & Customs. At the start of January 2016, HMRC was the 16th most popular disguise used in phishing emails. By the end of 2018, a series of new measures had reduced its global ranking to 146th.
Other incidents flagged by the report include a primary school being involved in the spread of a large-scale malware infection because its anti-virus system was not working. Meanwhile an unnamed public sector organisation that deals with sensitive information was breached because its employees had downloaded unauthorised software.
In the future, the NCSC said it wanted to do more to map the UK’s use of the internet, in a piece of research it calls the Internet Weather Centre.
DomainTools senior security advisor Corin Imaiat said: “This is a massively encouraging progress report, and the UK is extremely wise to have invested in such a diligent dedicated cybersecurity centre in order to combat cybercrime.
“Phishing is one of the most common and sadly one of the most effective methods of extracting funds by nefarious means from the general public, so the NCSC being able to stop 140,000 separate attacks is a step in the right direction.”
However, there is still work to be done. According to Action Fraud, nearly £11 billion is lost to the UK economy every year as a result of fraud, including cybercrime.