The Financial Conduct Authority (FCA) was targeted by nearly a quarter of a million (238,711) malicious and unsolicited emails over the final three months of 2020, averaging around 80,000 email attacks per month. This is according to official figures obtained by the Freedom of Information (FOI) act and analysed by Griffin Law.
In the FCA’s response to an FOI request, they provided a breakdown of all email’s blocked by their system from the October to December 2020. A whopping 99 per cent of all blocked emails were defined as ‘spam’, which includes everything from unsolicited marketing to advertising emails. ‘Spam’ can also pertain to phishing emails – a malicious social engineering cyber-attack designed to impersonate a brand, service or individual, and steal data from its intended target.
2,402 emails potentially containing ‘malware’ were also recorded by the FCA. Malware email attacks often include malicious content designed to disrupt, take over or damage victims’ software or data, some examples include trojans, viruses, spyware, adware, and worms.
The month which saw the highest quantity of email attacks was November 2020, with the FCA recording 84,723 total malicious email, split by 83,892 spam email and 831 malware emails. October 2020 recorded 81,799 total emails blocked, but with a higher number of malware attacks (1,003) and a lower number of spam (80,696). Finally, there were 72,288 in the final month of 2020, just 568 of these making up emails containing malware, and the remaining 71,720 categorised as spam.
This news arrives less than a year after the FCA was criticised for accidentally revealing personal information of about 1,600 people in February 2020. This incident saw the FCA publish names, addresses and phone numbers in a document on its website, in response to a previous request for data under the Freedom of Information Act.
Cybersecurity specialist Tim Sadler, CEO, Tessian, said: “The scale of the phishing problem, today, is huge. Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020. Why? Because it’s much easier to hack a human to hack an organisation than it is to hack a company’s software.
“Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials. Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people from falling for the scams.”
It’s worth noting that all known cyber-attacks sent to the FCA were blocked, and over the course of the pandemic the FCA has regularly issued warnings about scam campaigns designed to trick individuals and businesses into leaking their confidential information or send money to a wrong account.
Donal Blaney, principal, Griffin Law, adds: “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive. Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”