FCA ‘hit by 80,000 malicious emails a month’

SME Publications/ SME XPO 2024

The Financial Conduct Authority was targeted by nearly a quarter of a million malicious and unsolicited emails over the final three months of 2020 – an average of around 80,000 per month.

This is according to official figures obtained via a Freedom of Information Act request analysed by Griffin Law, a leading litigation firm.

In the FCA’s response included a breakdown of all emails blocked by their system from October to December 2020. Ninety-nine per cent were defined as ‘spam’, which includes everything from unsolicited marketing to advertising emails. More than 2,400 emails potentially containing ‘malware’.

November was the highest month for attacks, with the FCA recording 84,723. October 2020 recorded 81,799 blocked and 72,288 in December.

This news arrives less than a year after the FCA was criticised for accidentally revealing personal information of about 1,600 people. This incident saw the FCA publish names, addresses and phone numbers in a document on its website, in response to a previous request for data under the Freedom of Information Act.

All known cyber attacks sent to the FCA were blocked, and over the course of the pandemic the FCA has regularly issued warnings about scam campaigns designed to trick individuals and businesses into leaking their confidential information, or send money to a wrong account.

Cybercriminals want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to

Donal Blaney, principal at Griffin Law, said: “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive.

“Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”

Cyber security specialist Tim Sadler, CEO of Tessian said: “The scale of the phishing problem, today, is huge. Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020.  

Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it.

“It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.

“Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams.”



SME Publications/ SME XPO 2024