HM Revenue & Customs witnessed a 73% jump in email phishing scams during the Covid-19 pandemic, revealing the growing importance of email and cyber security for businesses.
According to a Freedom of Information request by accountancy firm Lanop Outsourcing, HMRC reported 367,520 reports of phishing attacks during 2020, with a sharp rise in incidents after the UK entered lockdown in March.
In January and February, the government department faced an average 26,100 phishing attacks, before soaring to around 45,046 attacks per month from March to September.
August saw the lowest recorded number of phishing attacks during the six month period, with 38,096 attacks detected by HMRC. However, this figure jumped to 57,801 cases in September, marking its worst month this year.
As well as phishing attacks, HMRC also reported 199,621 cases of phone scams and a further 58,921 reports of text message scams.
Steve Peake, UK systems engineer manager, Barracuda said regular businesses had also faced a similar pattern of cyber attacks, with spear phishing attacks spiking 667% from February to March as a result of the pandemic.
Peake said: “As the pandemic continues, businesses must anticipate Covid-19 themed attacks to increase in quantity. It’s also worth noting that cyber attacks and scams aren’t just contained to email messages, SMS based phishing attacks, or ‘Smishing’, and fraudulent phone calls, also pose a serious threat to consumers, workers and the general public.
“Combatting this threat cannot be achieved by simply relying on a single protection method. It’s important to utilise technology such as robust email security software, while also ensuring staff awareness of security and threats remains high through recurring training.”
Mohammad Sohaib, director, Lanop Outsourcing, commented: “Cyber criminals have not missed a trick when it comes to using the devastating coronavirus to lure unknowing victims into leaking their own private information, such as passwords and payment details, via a phishing scam
“Unfortunately, we are likely to see the percentage of ‘successful’ scams increase, as the sophistication and quantity of these attacks continues to surge. Combatting it requires constant online vigilance from business owners, consumers and internet users, as well as training and education around the threat facing them.”
Commenting on the data, Anthony Rafferty, Managing Director of the FinTech Origo, which in January launched Unipass Mailock, an encrypted email service to help the financial services industry counter cybercrime, said: “Cybercrime has been rising rapidly up the priority list for financial services firms with more and more companies realising the very real risk that exists to their business. This latest report shows the massive increase in email attacks as criminals take advantage of the disruption caused by the Coronavirus – with every sign it will continue into 2021.
“Cybercrime is becoming ever more sophisticated and often it is the simplest means and the weakest link which is targeted. Email remains a primary way for criminals to obtain the information they need and to infiltrate companies’ systems.
“Unsecured email is vulnerable to hacking and is highlighted as a particular target. The Pensions Administration Standards Association (PASA) recently warned against email phishing as “the most successful and dangerous” of cybercrime, citing that research has found 91% of all cyber-attacks start with a phishing email.
“For companies, protecting their email communications with military-grade encryption which can only be opened by the intended recipient and has a clear audit trail, can no longer be a ‘nice-to-have’ option, it has to be a hygiene factor.”
