The Financial Conduct Authority was targeted by nearly a quarter of million malicious emails during the fourth quarter of 2020, according to a Freedom of Information request by Griffin Law, highlighting financial services’ vulnerability as a cybercime target.
According to the leading litigation firm, the watchdog received 238,711 malicious and unsolicited emails over the three month period, averaging around 80,000 email attacks per month.
In response to the FOI request, the FCA said 99% of all blocked emails were defined as “spam”, which includes everything from unsolicited marketing to advertising emails, while 2,402 emails potentially containing ‘malware’ were also recorded by the FCA.
November saw the highest amount of email attacks, with the FCA recording 84,723 malicious emails, split by 83,892 spam emails and 831 malware emails.
The findings come less than a year after the FCA faced criticism for accidentally revealing personal information of about 1,600 people in February 2020.
Donal Blaney, principal, Griffin Law, said: “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive. Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”
Anthony Rafferty, CEO, Origo, added: “This data highlights the growing threat to consumers and the business risk from cyber attacks via email. At the end of the day the cybercriminals only have to get lucky once to access someone’s computer or a business’s system, whereas individuals and companies have to be constantly vigilant against these attacks.
“Customer/client email and communications are particularly vulnerable and once a criminal has access to someone’s email they can use it to obtain confidential information and attempt identity fraud. Automating secure messaging through use of encrypted email has to become de rigeuer for providers and financial advisers in the industry to help protect consumers against cybercrime and businesses against risk such as fraud.”
