National Cyber Security Centre
Email innovation simplifies takedown of cyber scams
Scam emails can be sent directly to SERS via a new button organisations can add to their Microsoft Office 365 accounts.
- One single click will flag scam emails to the National Cyber Security Centre
- Latest innovation in campaign that has received 6.5 million reports from the public and removed over 50,000 online scams
- Cloned login pages, spoofs of enterprise software and tricks to download malware bring cyber crime to the workplace.
CYBER experts have made it easier than ever for UK employees to join the fight back against email scams targeting their organisation.
In its latest bid to protect the UK from phishing scams, the National Cyber Security Centre (NCSC), a part of GCHQ, has today published guidance for IT administrators on a new reporting tool that can be added to their organisation’s Microsoft Office 365 accounts.
By clicking the new button, employees will report potential scams directly to the NCSC’s Suspicious Email Reporting Service (SERS) as well as their organisation’s IT team. The automated NCSC service will process emails and take down previously unseen malicious content where found.
Since its launch in April 2020, the Suspicious Email Reporting Service has received over 6,500,000 reports from the public – resulting in the removal of more than 97,000 scam URLs. This July, it took just four hours on average to remove malicious URLs in phishing emails reported to the SERS.
NCSC Technical Director Dr Ian Levy said:
“Opportunistic scams during the pandemic have demonstrated how cyber criminals constantly find new ways to target us.
“The good news is that you can help protect your workplace by forwarding suspected scam emails to the Suspicious Email Reporting Service from your work email account at the click of a button.
“This simple technical innovation could enable millions more people to join our mission to stop scam emails from ever reaching UK inboxes.”
Federation of Small Businesses National Chair Mike Cherry said:
“Innovations like this are crucial to calling time on business crime. Small achievable steps will go a long way to protect thousands of small firms from cyber attacks. Every year, there are almost four million cases of cyber attacks against small businesses in the UK, and more than 50 per cent of these come from phishing.
“We'd encourage as many small firms as possible to look further into this NCSC tool and see how they can implement it to protect employees as well as businesses from harm. And anyone can take part, any small business, employee or self-employed person can forward attempted scam emails to firstname.lastname@example.org.”
“These systems not only help prevent disruption to small firms today but will become increasingly important to help safeguard small businesses for the future.”
Organisational filtering systems block most phishing attacks before they reach staff inboxes, but cyber criminals are innovative and some scam emails can bypass defences in place.
Typical phishing URLs identified by NCSC experts that target organisations in particular include;
- Malware: Employees will be tricked into downloading malware onto their work computer. They could unwittingly download malware from a scam URL emailed to them that appears to be operated by IT support.
- Clone login pages: Employees can unwittingly enter personal details into fake, but legitimate appearing, login page URLs sent via email.
- Enterprise software spoofs: Emails containing fake alerts from popular pieces of workplace software, such as Microsoft Teams, direct targeted employees to a legitimate appearing URL which harvest personal details.
The NCSC is taking unprecedented action to remove malicious scams from the internet as part of its Active Cyber Defence programme.
Working in partnership with the City of London Police, the NCSC is committed to protecting organisations from cyber crime, which cost over £5 million in the last 13 months.
Temporary Commander, Clinton Blackburn, of the City of London Police, said:
“Sadly, criminals will use every opportunity they can to trick people into handing over their personal and financial details. Phishing messages provide criminals with a gateway to obtain this information, which they will then use to commit fraud.
“This new reporting tool means that employees can protect their workplace by reporting phishing emails at the click of a button — which provides the police with more information about who is behind these crimes — preventing more people from falling victim.“
Where organisations cannot install the button, employees are still be encouraged to forward or attach scam emails to send to email@example.com.
Latest News from
National Cyber Security Centre
NCSC Director gives advice to viewers of BBC's Rip-Off Britain on tackling scams19/10/2021 09:15:00
Nicola Hudson, NCSC Director Policy and Communications, appeared on BBC's Rip-Off Britain to talk about tackling scams and what can be done to take them down.
Three universities gain recognition from experts for their top cyber security education08/10/2021 11:15:00
Three more UK universities recognised by the National Cyber Security Centre (NCSC) for promoting cyber security education on campus and beyond.
NCSC Director scoops prestigious cyber award30/09/2021 11:25:00
Paul Chichester, Director of Operations at the NCSC, has been recognised at the National Cyber Awards.
Formula for success: Top schoolgirl codebreakers rewarded with trip to home of McLaren racing29/09/2021 13:05:00
High-performing girls in the UK’s flagship cyber contest for schools rewarded with visit to McLaren Technology Centre
Top of the class: Schools awarded by experts for high quality cyber teaching20/09/2021 12:20:00
Sixteen schools and colleges achieve recognition from the NCSC for excellence in cyber security education.
UK and US cyber security leaders meet to discuss shared threats and opportunities13/09/2021 11:15:00
National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency meet in London.
Record number of teenagers sign up to develop cyber skills over summer26/08/2021 16:20:00
Participation at all-time high for CyberFirst summer courses, led by the National Cyber Security Centre (NCSC).
Tech startups join UK cyber experts to address security challenges11/08/2021 09:15:00
The first companies to work with the NCSC for Startups initiative have been selected.