NCSC Phishing emails

The National Cyber Security Centre (NCSC) has revealed a 33 per cent increase in the number of potentially malicious emails reported by businesses and individuals in 2022. 

That’s according to the agency’s sixth annual report into the Active Cyber Defence (ACD) initiative, which, released today, revealed that its Email Reporting Service (SERS) received a record-breaking 7.1 million reports last year alone. 

The agency claimed these reports had enabled it to take nearly a quarter of a million malicious website links offline since April 2022. 

The NCSC also revealed a 39 per cent overall increase in take-up of the ACD’s free services designed to help protect even organisations without dedicated cybersecurity expertise.

This increase includes a 60 per cent rise in users of its Mail Check service designed to improve compliance with DMARC and other email anti-spoofing/privacy controls. The NCSC’s Web Check service also increased its user base by 26% year-on-year in 2022.

The NCSC also boasted a 38 per cent annual increase in customer organisations signing up to use its Early Warning service, which informs them of potential attacks on their network. 

Over 500 of them were warned of potential active malware in their systems, 2270 were warned about vulnerabilities and 1193 about a host on their network scanning the internet, which might be malicious.

“In a cyber threat environment that resembles the Hydra – cut down one attack, another springs up in its place – ACD is once again doing unparalleled work to keep the country safe,” said Jonathon Ellison. NCSC director for national resilience and future technology.

“As this latest report shows, cybersecurity is not the sole preserve of tech specialists: businesses are increasingly alive to and eager to engage with the cyber risks they face, signing up in swathes to make the most of NCSC data and expertise.” 

Topical Phishing Scams Surge 

As well as a rise in the number of malicious email reports, the NCSC also reported a surge in the number of criminals exploiting topical events to make phishing attempts more convincing. 

These scams take advantage of the current macroeconomic conditions to lure vulnerable businesses and individuals through fake tax rebate sites and government support schemes. 

In September and October 2022, for instance, the NCSC reported an influx of phishing scams related to the government’s Enegery Bills Support Scheme. 

Energy Bill Phishing scam example used in NCSC's report.
Energy bill phishing scam

These URLs typically included keywords such as ‘rebate’, ‘grant’ and ‘scheme’ to sound legitimate.

A Call for small businesses 

The reduce the risk of these sorts of threats, the NCSC called on small businesses to take action and report malicious activity when they see it. 

Small businesses have a key role to play in making it safer to work and live online, which is why we’re making it even easier for them to shore up their defences with accessible, free tools and soon, to manage these effortlessly via our integrated MyNCSC platform.

Jonathon Ellison, NCSC 

Small businesses make up 99 per cent of the UK’s business ecosystem. Given their vulnerability, in 2022 NCSC launched two accessible ACD services to help more small businesses to protect themselves. 

Martin McTague, National Chair of the Federation of Small Businesses (FSB), believes it is critical to take up on the support they have been given to reduce the risk of attack. 

“While security is important, we’ve long championed building cyber resilience among small firms, given the persistent risk of cybercrime,” McTague said. 

“A fifth of small businesses see cybercrime as the most impactful crime in terms of both cost and disruption to their operations. NCSC is doing the right thing by making its services accessible to SMEs so that they can better protect themselves in the digital world.”