Skip to the content

Report shows surge in government themed phishing


Mark Say Managing Editor

Get UKAuthority News


Phishing attacks using UK government themes more than doubled during 2020, with the largest number targeting the brand of HM Revenue and Customs (HMRC), according to the National Cyber Security Centre (NCSC).

Its newly published fourth annual report on the Active Cyber Defence (ACD) service has also highlighted a big increase in phishing using NHS branding over the year.

The ACD programme was introduced in 2016 and comprises a number of services to provide protection from online threats, including Mail Check, Web Check, Protective DNS, Exercise in a Box and the Suspicious Email Reporting Service.

It identifies phishing – a fraudulent attempt to obtain sensitive information or data – as the largest cyber threat involving the public sector. Its figures on takedowns of phishing campaigns show 11,286 for 2020, up from 4,471 the previous year, while the takedowns of URLs totalled 59,435, up from 25,741.

They were hosted all over the world, with the median availability being 21 hours and 52% taken down with 24 hours of discovery.

The pretence of coming from HMRC was used in 22,148 attacks and in 4,249 campaigns, followed by the generic GOV.UK with 16,945 and 3,322 respectively, then TV licensing with 13,658 and 3,035

The next most common forms of attack were malware attachments mail server (2,890 in 2020) and advance fee fraud (2,310).

NHS instances

NCSC emphasises the attempts to exploit NHS names as the Covid-19 pandemic spread, saying that 122 relevant phishing campaigns were detected during the year compared with 39 in 2019.

Among the lures were those using the Covid-19 NHS vaccine roll out, the first of which was picked up in December. Others included fake or unofficial copies of the NHS Test and Trace mobile app. 43 apps hosted and available for download outside the official channels of Apple and Google app stores were removed.

The report says that attacks related to other public services included a surge in those focused on TV licensing that came with news of changes to entitlements for pensioners in July 2020.

There was also an attempt to clone part of the GOV.UK website in December. The attack was quickly blocked and the relevant departments notified.

On a positive note, NCSC claims a success with the Suspicious Email Reporting Service, a feature of the ACD programme launched in April 2020 which received nearly 4 million reports of suspect emails from the public last year.

Protecting UK

Lindy Cameron, NCSC CEO, said: “The ACD report offers a helpful insight into just some of the ways the NCSC has adapted to protect the UK during the pandemic.

“Whether it has been protecting vital research into the vaccine or helping people work from home securely, the NCSC has worked with partners to protect the digital homeland during this unprecedented period.

Dr Ian Levy, the organisation’s technical director, said: “The bold defensive approach taken by the ACD programme continues to ensure our national resilience and so I urge public bodies, companies and the general public to sign up to the services available to help everyone stay safe online.”

NCSC added that the report comes ahead of the launch of a new online service alerting organisations to potential cyber attacks affecting their networks. The Early Warning service has been designed to help organisations defend against attacks by providing timely notifications about possible incidents and security issues.

Image from iStock, Ysuel

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.