FCA hit by 80,000 malicious emails a month


Warning bells have been sounded over an increasing trend of social engineering and wire fraud scams after it emerged the Financial Conduct Authority received 80,000 malicious emails a month at the tail end of last year. 

The final three months of 2020 saw the regulator targeted by 238,711 malicious and unsolicited emails, with 99 per cent of blocked emails considered spam.

According to a Freedom of Information request submitted by litigation firm Griffin Law, the FCA also recorded 2,402 emails potentially containing malware, which often include malicious content to take over or damage software or data.

Though it is not clear exactly what the emails contained, spam can typically include phishing emails, a type of social engineering cyber-attack designed to impersonate a brand, service or individual, and steal data from its intended target.

According to Action Fraud, social engineering is an "extremely targeted" type of scam in which fraudsters manipulate their victims into sharing confidential information; it can happen via fake emails, phone calls or texts.

The FOI highlighted that all known cyber attacks sent to the FCA had been blocked by the regulator. 

But cyber security specialist Tim Sadler, chief executive at Tessian, warned the figures alluded to a wider phishing problem on a "huge" scale. 

He said: "Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020.

"Why? Because it's much easier to hack a human to hack an organisation than it is to hack a company's software. 

"Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it.

"It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials."

Mr Sadler urged businesses to make their staff aware of how they could be targeted, especially when working remotely, and ensure the technology was in place to prevent people falling victim to scams.

The arrival of the global coronavirus pandemic has been marked with a significant increase in the number of scammers looking to take advantage of social and economic uncertainty, both in the workplace and at home. 

Since the crisis began, HM Revenue and Customs has repeatedly warned of fraudsters attempting to impersonate the tax authority in a bid to target people claiming furlough or the self-employed completing self-assessment returns.

Donal Blaney, principal at Griffin Law, said: "This is a worrying number of attacks on a government agency well equipped to protect itself - it suggests that the negative potential of spam and malware for the rest of us is massive.

"Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant - check and double-check before clicking, responding or providing personal data.

"On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it."


The FCA has been approached for comment.

rachel.mortimer@ft.com