The Financial Conduct Authority was targeted by nearly 250,000 spam and malicious emails between October and December last year, with around 2,400 of them containing various malware strains.
According to law firm Griffin Law, which obtained this data from the Financial Conduct Authority (FCA) via a Freedom of Information request, the FCA received 81,799 such emails in October, 84,723 emails in November, and 72,288 emails in December and was successful in blocking all of them.
Spam emails mostly consist of unsolicited advertisements, product promotions, and sales deals, but in some cases they are sent by hackers who lace harmless-looking emails with malware to target unsuspecting users. However, the FCA did spot hundreds of emails that did contain malware such as trojans, viruses, adware, and worms.
Information shared by the FCA with Griffin Law revealed that it was targeted by 1,003 malware-laced emails in October, 831 in November, and 568 such emails in December. In all, the FCA was forced to block 238,711 spam and malware-laced emails in the three-month period.
"This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive," said Donal Blaney, principal, Griffin Law.
"Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it," he added.
Last year, information obtained by the Parliament Street think tank also revealed that British MPs were targeted by over 22.3 million malicious email attacks in the first eight months of 2020, averaging over 2.7 million such emails every month, compared to a monthly average of 1,747,759 attacks in 2019.
Fortunately, the Parliament's cyber defences were able to block all 22,321,459 emails thanks to the use of Domain-based Message Authentication, Reporting and Conformance (DMARC) in all gov.uk domains. DMARC helps authenticate an organisation’s communications as genuine by blocking malicious or fraudulent emails that spoof email addresses operated by government departments.
However, no matter how strong cyber defences are, hackers have to be lucky just once to gain access to a wealth of data that is worth its weight in gold in dark web marketplaces or for enemy nations. Last year, Reuters revealed that Dr Liam Fox, the MP for North Somerset who served as the International Trade Secretary between 2016 and 2019 and also served as Defence Secretary between 2010 and 2011, had his email account breached on multiple occasions between July 12 and October 21, 2019.
Reuters learned that Russian hackers used spear-phishing messages to target Liam Fox and obtain his password and login details. Using this technique, they were able to gain access to "six tranches of documents detailing British trade negotiations with the United States" that were later leaked online by a Russian disinformation campaign.
The leaked documents that were obtained from Mr Fox's email account were later used by the Labour Party in their election campaign to highlight concerns about the Conservatives planning to put the NHS "up for sale". Jeremy Corbyn shared the 451-page document online in December, alleging that the Conservatives wanted to make the NHS a part of post-Brexit discussions.