"This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive."
This is according to figures obtained by a Freedom of Information (FOI) act and analysed by litigation firm Griffin Law.
In the FCA’s response to an FOI request, they provided a breakdown of all emails blocked by their system from the October to December 2020. 99% of all blocked emails were defined as ‘spam’, which includes everything from unsolicited marketing to advertising emails. ‘Spam’ can also pertain to phishing emails – a malicious social engineering cyber-attack designed to impersonate a brand, service or individual, and steal data from its intended target.
2,402 emails potentially containing ‘malware’ were also recorded by the FCA. Malware email attacks often include malicious content designed to disrupt, take over or damage victims’ software or data, some examples include trojans, viruses, spyware, adware, and worms.
The month which saw the highest quantity of email attacks was November 2020, with the FCA recording 84,723 total malicious emails, split by 83,892 spam email and 831 malware emails. October 2020 recorded 81,799 total emails blocked, but with a higher number of malware attacks (1,003).
Despite the high number of malicious emails, all known cyber attacks sent to the FCA were blocked over the period.
Tim Sadler, CEO of cyber security specialist Tessian, said: "The scale of the phishing problem, today, is huge. Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020. Why? Because it's much easier to hack a human to hack an organisation than it is to hack a company's software.
"Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials. Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams."
Donal Blaney, principal at Griffin Law, added: “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive. Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”