NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments
The National Cyber Security Centre (NCSC) released the fifth edition of its Active Cyber Defence report on Wednesday 25 June 2022. Launched in 2016, the NCSC’s Takedown service has cut the UK.’s share of global phishing in half and reduced the lifecycle of commodity cyber-attacks.
Since its establishment, the service has fought new attacks. Public reporting has been activated via SERS and 7726, alongside Action Fraud. This has allowed the NCSC to tackle commodity cybercrime categories tied to reported financial losses. The service has taken down a total of 3.7m campaign groups, which have been composed of 5.8m URLS including 2.01m IP addresses, in just five years.
In an increasingly digital world, measures to prevent cybercrime are more important than ever. Active Cyber Defence (ACD) aims to “protect the majority of people in the UK from the majority of the harm caused by the majority of the cyber-attacks the majority of the time,” the report notes. As a largely automated service, the ACD safeguards the public against threats such as malware, reducing both occurrence and success rate.
In 2021, the Takedown service combatted 2.7m campaigns, including 3.1m URLs, a notable rise from 2020 takedowns comprising 700k campaigns, including 1.4m URLs. This significant increase is likely a result of the greater duration during which takedowns against extortion mail server and celebrity-endorsed investment scams were carried out in 2021.
A new NHS vaccine lure was identified in December 2020 amid the pandemic. Victims received more than 70 of these lures in January 2021 via email and SMS campaigns. In the summer of 2021, this lure became less significant when a vaccine certification scheme took its place as the popular option.
Together, these campaigns have sought to mine personal and financial data from targets. Bookings for vaccine appointments were falsely advertised on phishing websites in exchange for a fee, a lure that captured said data, allowing phishers to commit fraud and contact victims pretending to be representatives of UK. banks.
Vaccine lures rapidly became more convincing, even offering QR Codes. Scanning said codes redirected victims to a free QR code generation site. The Office for National Statistics held its first digital census for England and Wales in March 2021. Following the event, phishers seized the opportunity to threaten targets with fines were they to send their census late.
With thanks to the Cyber Defence Alliance and InfoSecurity Magazine. The full story is here: https://www.infosecurity-magazine.com/news/phishing-lures-disguised-as/
Free Phishing Security Test
Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.
Here’s how it works:
- Immediately start your test for up to 100 users (no need to talk to anyone)
- Select from 20+ languages and customize the phishing test template based on your environment
- Choose the landing page your users see after they click
- Show users which red flags they missed, or a 404 page
- Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
- See how your organization compares to others in your industry
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW