The Pensions Regulator (TPR) was the target of more than 343,000 email attacks in 2019, an increase of 148 per cent over last year, according to official data.
A Freedom of Information request from think tank Parliament Street showed last year TPR was hit by a total of 343,867 phishing malware and spam email attacks, up from 138,834 in 2018.
According to the data, in 2018 TPR blocked 127,664 spam emails and 11,170 malware and phishing emails.
This compared with 57,977 spam email and 735 malware or phishing emails in 2019. However, a further 285,155 were blocked due to spam, phishing or malware risk, but were not categorised accordingly.
Of the fraudulent emails which targeted TPR, phishing and malware were the least common but they have the potential to be the most harmful.
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network, whereas phishing involves sending emails pretending to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Spam emails are common and often quite easy to detect – they are unsolicited emails, often for the purpose of marketing or for phishing attempts or spreading malware.
Parliament Street said these sort of attacks on TPR were not unusual as it is possible their servers contain sensitive customer information relating to pension schemes, which a hacker would be keen to get hold of.
Jonathan Young, chief information officer at international professional services firm FDM Group, said: “Organisations which manage highly confidential data such as pension details and personal financial information are becoming a top target for hackers.
“All too often, sophisticated phishing email scams are being used to fool workers into handing over passwords and log-in credentials via fraudulent but incredibly realistic-looking email correspondence.”
He added: “Tackling this challenge requires investment in the latest cyber skills training, ensuring that every single employee is digitally adept and able identify and report suspicious communications. It’s also important to end the inherent blame-culture, which often leaves employees reluctant to report mistakes due to fear of the consequences.
“Additionally, employers should look to increase digital skills within the wider workforce, hiring in those with the necessary IT qualifications and ensuring existing workers are given access to the necessary refresher courses to develop their skills. Above all, staff should be treated as an IT security asset, rather than a risk.”
amy.austin@ft.com
What do you think about the issues raised by this story? Email us on fa.letters@ft.com to let us know.
