Home » News » Phishing scams top UK spy agency’s biggest cyberattacks

Phishing scams top UK spy agency’s biggest cyberattacks

Tuesday, 27 February, 2018

Phishing spoofs, where users are invited to click on links to fake websites in an effort to scam them out of their details, still head the UK’s most common cyberattacks.

The National Cyber Security Centre (NCSC) has said it detected and prevented millions of online attacks aimed at the UK’s critical infrastructure, one year since the Active Cyber Defence (ACD) initiative was launched.

12 months ago the NCSC launched four pioneering programs: Web Check, DMARC, Public Sector DNS and a takedown service.

These programmes are free at the point of use and can block fake emails, remove phishing attacks and stop public sector systems being infected by malicious code.

Phishing: How to protect yourself to beat scammers

A report into the work done over the past 12 months lists some of the scam domains containing phishing emails that have now been removed.

Among the top most phished were HMRC, the DVLA, Student Union Loans and the Crown Prosecution Service.

Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

This report shows that simple things, done at scale, can have a positive and measurable effect and the British public should be safer as a result of these measures.

But there is a lot more to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.

- Dr Ian Levy: Technical Director, National Cyber Security Centre

Biggest phishing in UK council email

The NCSC initiative has seen a drop in the UK’s share of global phishing attacks down 5.3% with 121,479 sites hosted in the UK and a further 18,067 global sites removed.

There have been more than one million security scans and 7 million security tests carried out on public sector websites.

The initiative boasts they have blocked 4.5 million malicious emails a month.

Takedown times for sites pretending to be from the government came down from 42 hours to just 10 and there was a significant fall of scam emails from a bogus @gov.uk address such as taxrefund@gov.uk.

Among the organisations who have been the most effective at defending themselves from malicious attempts were local authorities.

Honourable mention goes to to Northumberland County Council which stopped 59,405 attempts, Cardiff Council with 31,728 and Denbighshire County Council with 25,627.

MAIN IMAGE: Lee Jordan/CC BY-SA 2.0

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.

News What's the story?

Keep up with the latest developments in UK broadband.

BT launches second line service

BT launches second broadband home line service for the new crop of home workers.

BT launches second line serviceBT launches second line service Read more

Best broadband areas for online gaming in the UK.

A list of the best areas for online gaming has just been released.

Read more

What will 6GHz home broadband mean for consumers?

Read more

Study unsurprisingly shows WiFi usage increased during lockdown.

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Could my webcam be compromised?

A compromised webcam could pose significant security risks even if you don a disguise, so ensure video cameras on web-enabled devices are functioning normally

Could my webcam be compromised?Could my webcam be compromised? Read more

How to build your own website on a budget

Read more

How to tell when your PC is about to fail

Read more

How to get around the 40 minute limit on Zoom.

Read more