More than 746,000 NHS phishing emails blocked in a month

By Mary-Ann Russon

More than 746,000 phishing emails pretending to be from the NHS were blocked in just one month in 2017, the National Cyber Security Centre says.

A report on the first year of the GCHQ unit’s cyber-defence programme found that it removed 121,479 phishing sites hosted in the UK.

This reduced the UK’s share of global phishing attacks from 5.3% to 3.1%.

Three-quarters of UK government-related phishing sites were taken down in 24 hours.

Phishing emails trick users into visiting websites that impersonate known brands and ask the user to log in to their account.

This enables attackers to gather confidential login details or financial information.

Phishing emails are also used to trick people into opening malicious email attachments that install malware on their computers.

The methods used to reduce phishing involved various security scanning systems performing millions of tests on government websites and on emails being sent in and out of government networks.

‘Simple things’

“What they’ve done is not rocket science – the technology’s been around for a while, but they’ve managed to persuade various government departments to do the simple things to reduce cyber-security threats dramatically,” cyber-security expert Prof Alan Woodward, from Surrey University, told the BBC.

“Phishing emails from HM Revenue and Customs (HMRC) used to be the most common emails you’d see, but they got the HMRC to put the technology in place, and the spoofing emails dropped to zero in a matter of days.”

Cyber-security expert Graham Cluley said that technologies used were not new, but the NCSC’s efforts had produced “impressive results”.

“Of course they won’t have caught every phishing attempt, but they will have helped stamp out many of the most convincing attacks,” he told the BBC.

Martyn Thomas, Gresham College’s professor of IT, agreed: “I think their success rate on stopping really legitimate-looking spam is really high and they are to be congratulated.”

While Prof Thomas felt that the NCSC would benefit from having a “longer-term vision” when it came to cybersecurity, he felt the fact that the government agency could gain intelligence from GCHQ on potential cyber-attacks gave it an edge over commercial cybersecurity contractors.

NHS targeted

Prof Woodward said the NCSC’s work was “an important development” because the organisation was able to close down the opportunity for people to pretend to be from within the NHS, which would help to prevent future attacks.

“The biggest problem is people pretending to be within,” he said. “Whenever you receive something that seems to come from your own network, you inherently trust it.”