Phishing scams top UK spy agency’s biggest cyberattacks

Tuesday, 27 February, 2018

Phishing spoofs, where users are invited to click on links to fake websites in an effort to scam them out of their details, still head the UK’s most common cyberattacks.

The National Cyber Security Centre (NCSC) has said it detected and prevented millions of online attacks aimed at the UK’s critical infrastructure, one year since the Active Cyber Defence (ACD) initiative was launched.

12 months ago the NCSC launched four pioneering programs: Web Check, DMARC, Public Sector DNS and a takedown service.

These programmes are free at the point of use and can block fake emails, remove phishing attacks and stop public sector systems being infected by malicious code.

Phishing: How to protect yourself to beat scammers

A report into the work done over the past 12 months lists some of the scam domains containing phishing emails that have now been removed.

Among the top most phished were HMRC, the DVLA, Student Union Loans and the Crown Prosecution Service.

Through the National Cyber Security Centre, the UK has taken a unique approach that is bold and interventionalist, aiming to make the UK an unattractive target to criminals or nation states.

This report shows that simple things, done at scale, can have a positive and measurable effect and the British public should be safer as a result of these measures.

But there is a lot more to be done. The successes we have had in our first year will cause attackers to change their behaviour and we will need to adapt.

- Dr Ian Levy: Technical Director, National Cyber Security Centre

Biggest phishing in UK council email

The NCSC initiative has seen a drop in the UK’s share of global phishing attacks down 5.3% with 121,479 sites hosted in the UK and a further 18,067 global sites removed.

There have been more than one million security scans and 7 million security tests carried out on public sector websites.

The initiative boasts they have blocked 4.5 million malicious emails a month.

Takedown times for sites pretending to be from the government came down from 42 hours to just 10 and there was a significant fall of scam emails from a bogus address such as

Among the organisations who have been the most effective at defending themselves from malicious attempts were local authorities.

Honourable mention goes to to Northumberland County Council which stopped 59,405 attempts, Cardiff Council with 31,728 and Denbighshire County Council with 25,627.

MAIN IMAGE: Lee Jordan/CC BY-SA 2.0

Tim Bamford author picture


Tim is a veteran freelance journalist writing extensively on internet news and cybersecurity.