Airport Email Scam Thwarted by UK

An attempt to defraud thousands of people using a bogus email from a UK airport was one of a range of cyber-attacks prevented last year.

The scam used a fake gov.uk address, but the messages were prevented from ever reaching their intended recipients.

The details were revealed by GCHQ’s National Cyber Security Centre in an annual report.

In all, NCSC disclosed it had stopped 140,000 separate phishing attacks.

This refers to the attempted online theft of bank details and other sensitive information by impersonating a trustworthy person or organisation.

In addition, the agency said it had taken down 190,000 fraudulent sites.

This often happened quickly. The centre said that 64% of illegal sites were offline within 24 hours of being discovered and 99.3% eventually went dark.

This is the second time NCSC has published a progress report for its Active Cyber Defence programme. The effort – which uses a mix of automated processes to defeat internet-based threats to the UK – was launched in late-2016.

One focus is to take down malware and phishing sites. This is normally done by finding out who hosts the websites involved and then telling them that their clients are running a criminal operation. Most providers take down the pages quickly, although there are some exceptions.

NCSC has not shared the name of the airport the fraudsters attempted to impersonate last August.

But it did say that the failed scheme involved sending 200,000 emails to members of the public asking them to pay a fee in order to receive a larger refund.

Had the intended victims paid the sum, they would have got nothing in return.

The security centre also took the criminals’ real email address offline to ensure they could not receive any replies.

Another success was an apparent reduction in the number of attacks in which fraudsters had posed as HM Revenue and Customs.

Scammers often pretend to offer individuals tax refunds if they provide bank accounts and a facilitation payment.

At the start of January 2016, HMRC was the 16th most popular disguise used in phishing emails.

By the end of 2019, a series of new measures had reduced its global ranking to 146th.