Suspicious email reported every five seconds in UK

The latest report from the National Cyber Security Centre (NCSC) has revealed that last year, 7.1 million suspicious emails were reported to its Suspicious Email Reporting Service (SERS).

This equates to a suspicious email being reported every five seconds in 2022, and 22,000 per day, said the NCSC.

GCHQ’s centre for cyber security added that support from businesses has helped it remove more than 235,000 malicious URLs from the internet since SERS was launched in April 2020. It took less than six hours on average to remove these URLs.

In 2022, there was a 39% increase in the number of businesses that signed up to its services, following the NCSC’s launch of a tool to help small and medium-sized enterprises (SMEs) become more resilient.

Jonathon Ellison, director for national resilience and future technology at the NCSC, said the challenge for cyber defences is the fact that when you cut down one attack, another springs up in its place. “The Active Cyber Defence programme is once again doing unparalleled work to keep the country safe,” he said.

Ellison added that cyber security is not the sole preserve of tech specialists, and said businesses are “increasingly alive and eager to engage with the cyber risks they face”.

“Small businesses have a key role to play in making it safer to work and live online, which is why we’re making it even easier for them to shore up their defences with accessible, free tools – and, soon, to manage these effortlessly via our integrated MyNCSC platform,” he said.

The NCSC said small businesses face a “unique set of behavioural barriers, financial pressures and competing priorities” in becoming secure, and often lack the expertise and resources to focus on cyber security.

Federation of Small Businesses (FSB) national chair Martin McTague said the organisation has championed building cyber resilience among small firms. “A fifth of small businesses see cyber crime as the most impactful crime in terms of both cost and disruption to their operations,” he added.

McTague praised the introduction of the SME-focused tool from the NCSC. “[It] is doing the right thing by making its services accessible to SMEs so they can better protect themselves in the digital world,” he said.

The NCSC report found that phishing scams are once again the most prevalent attack hosted in the UK, although it said the amount of global phishing campaigns hosted in the UK has declined.

In an email from cyber crime reporting service Action Fraud to its subscribers last month, commander Nik Adams at the City of London Police said: “Every year, thousands of people in the UK are scammed by a fraudulent email or text message.

“Phishing scams, whether it’s a text message claiming you have missed a delivery and are required to pay a redelivery fee, or an email claiming to be from your bank, are common security challenges that both individuals and businesses across the UK face on a daily basis.”

Other findings included a 17% reduction in opportunistic attacks on the HMG brand, and that the crisis in Ukraine “was a consistent pretence for cryptocurrency scams” throughout last year.