Cost of living with red arrow going up  illustration

Fraudsters Adapt Phishing Attacks to use UK’s Current Crisis

The Covid-19 epidemic and the cost-of-living crises have caused cybercriminals to update their phishing attacks to target those who are struggling economically. Office for National Statistics (ONS) analysis states that every month, 80,000 Brits fall victim to phishing emails and give out personal data.

Email and SMS advertisements that resemble real government assistance programmes include energy offers and property tax refunds or encourage users to apply for “cost of living subsidies.”

More than 1,500 reports of phishing attacks (emails) posing as valid refunds from UK energy regulator Ofgem were filed with the Suspicious Emails Reporting Service (Sers) in the two weeks prior to August 5th. “Claim your bill refund today” is the subject line of the emails, which include the Ofgem logo and colours.

Although just 3% of those who received suspicious phishing emails reacted or clicked a link, the research, which was published on September 26, found that. In England and Wales, this was equivalent to about 700,000 residents.

It was discovered that 11%, or about 80,000 of those who responded or clicked on a link gave information that might be utilised by cybercriminals.

The NFIB has noticed a rise in complaints about scams in which victims are attacked on WhatsApp by scammers posing as someone they know, usually their children. There is evidence that widespread social trends, such as an increase in internet shopping, have been exploited by fraudsters.

This includes an increase in “advance fee fraud” of nine times the pre-pandemic level and an increase in retail and consumer fraud of 59%. Advance fee fraud has increased dramatically from pre-pandemic levels.

Crime Survey of England and Wales
England and Wales Crime Survey (Office for National Statistics)

According to detective chief superintendent Oliver Shaw of the City of London Police:

Phishing attacks continue to pose a significant threat for both individuals and businesses. I would urge everyone to be vigilant of unexpected messages or calls that ask for your personal or financial information. Remember, your bank, or any official source, will never ask you to supply personal information via email or text message.

Rising Outgoings and Phishing Attacks

The COVID-19 epidemic and growing expense of living are two new developing issues that scammers have taken advantage of. Fraudsters constantly change their phishing attacks.

Coronavirus-related fraud was believed to account for 4.9% of all fraud in the most recent year, which increased to 6.5% of all cyber fraud. In one effort, victims reported receiving texts from what appeared to be the NHS saying they had been in close touch with a person who had the Omicron variant.

Phishing Message
Phishing Message (Office for National Statistics)

The message offers a link to a website that purports to be run by the NHS, where users may schedule a test and be asked for personal information and a delivery cost.

Smishing targets those who are struggling financially, new tendencies have been seen by the National Fraud Intelligence Bureau (NFIB), a division of the City of London Police that is the national policing lead on fraud.

According to the TCSEW, more than a third (35%) of individuals who responded to or clicked on a link in a phishing message claimed to have done so to earn money or other valuables, and 30% said they did so to pay a bill or an invoice.

Director of research and development at Cifas, Sandra Peaston, said:

Fraudsters are using increasingly sophisticated methods to trick people into parting with their personal and financial information. Checking to make sure the person or organisation is genuine, contacting them via their official website and using the check-a-website tool to make sure the site is safe are all ways to avoid a phishing attack.

More vulnerable to cyberattacks

Businesses are now more vulnerable to a wide range of cyberattacks because to the expansion of employee usage in terms of hours, locations, and devices.

According to the study, big attacks are on the rise, with 45% of the organisations polled reporting a breach in the previous year, an increase of 22% year over year. To “get the work done,” just over half (52%) of respondents said that they have previously compromised the security of portable devices, primarily internet of things (IoT) devices.

However, businesses in the UK are far more certain than businesses worldwide to penalise workers who take part in actual or phishing attacks in February. A total of 78% of UK organisations had to deal with at least one ransomware attack resulting from a direct email payload due to an increase in phishing attacks.

Mitigation

Practical tips on how to identify phishing attacks and report suspicious communications have been released by the National Cyber Security Centre (NCSC). To allow the public to report suspicious emails to a system that checks them for malicious links, the NCSC and the City of London Police created SERS in April 2020.

Whenever you are unsure about a message, get in contact with the organisation. Sending the email to report@phishing.gov.uk will allow you to report emails that you believe to be scams.

Please alert your bank right away and file a report with Action Fraud at www.actionfraud.police.uk if you have fallen victim to a phishing scam and lost money or gave personal information as a result.

The Takedown Service is another part of the NCSC’s Active Cyber Defence programme, which targets large volume attacks like phishing. More than 2.6 million fraud campaigns were removed from the internet by the NCSC in 2020, setting a record and more than doubling the amount removed in 2020.

Help your colleagues spot these phishing emails by starting your Phishing Tackle security awareness training today with our two-week free trial.

Recent posts