A recent report from Verdict revealed that Her Majesty’s Revenue and Customs (HMRC), the U.K. tax ofice, was hit with over 500,000 malicious emails between July and September 2020. These included spam, phishing, and malware attacks. If successful these campaigns could give criminals access to huge amounts of data to conduct fraudulent activity.
The data reveals that of the emails that have bombarded the iboxes of civil servants are 377,820 emails that were spam and junk, 128,255 emails which were phishing attacks and the remaining 15,507 messages contained malware.
To gain an insight into the nature ofthe attack and why this area of government operations was particularly vulnerable, Digital Journal caught up with Mark Crichton, Senior Director of Security Product Management, OneSpan.
According to Crichton there are signs that malicious actors have upped their game in terms of who they are targetting. Here he notes: “These findings confirm that as well as targeting consumers, cybercriminals are going directly to the source of the data they’re after, in this case, HMRC itself. All it takes is one unsuspecting employee to believe an email to be legitimate, and criminals could gain access to a wealth of data that can be used to conduct fraudulent activities.”
In terms of robust preventative strategies, Crichton says: “It’s important that staff are educated on best security practices, including how to spot a phishing email, and what to do if they do accidentally click on a suspicious link. It goes without saying that this should serve as a lesson to all businesses, no matter the industry, not to take security for granted. It’s imperative that regular assessments of security protocols and monitoring tools are carried out continuously in order to identify any weaknesses before hackers can take advantage of them.”
