Mimecast comments on impersonation scams costing £177.6m

April 2023 by Carl Wearn, Head of Threat Intelligence Analysis and Future Ops at Mimecast

Following the news that fraudsters impersonating genuine providers cost £177.6m in 2022, Carl Wearn of Mimecast comments on the findings and on how companies and consumers can avoid impersonation scams.

“The figure of £177.6 million is almost certainly a significant under-reporting, given the nature of crime-related statistics and the well-known hurdles to reporting that many victims face. In some cases individuals or organisations will not have realised they have even been scammed. As an example of the potential significance of under-reporting, BCS data is widely believed to represent merely the tip of the iceberg on UK crime data as a whole, likely representing only around 10% of the actual crime figure. A significant hurdle here may well be a misconception or perception on behalf of any victim that no monies are retrievable and so no report is made; it can be perceived as a waste of time.

We constantly see cybercriminals targeting people using current events to trick them into sharing their personal and financial information. Recently, we have seen criminals use events such as the cost-of-living crisis and rising energy bills as an opportunity to impersonate government departments and energy providers. These criminals are then able to steal the personal information of victims, which can be used in other criminal activity or sold on the dark web.

These threats are continuing to increase, and Mimecast’s 2022 State of Email Security Report found that 90% of organizations experienced an impersonation attack over the previous 12 months. Businesses must do more to protect themselves from these attacks by implementing a security framework that protects their most vulnerable attack vector: the intersection of business communications, people, and data. This approach is the most effective way to navigate the modern threat landscape. In addition, it’s critical to implement Domain-based Message Authentication Reporting and Conformance (DMARC) for all email services. DMARC is an email authentication, policy, and reporting protocol that layers on two protocols already widely used by organizations: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). If a particular email fails both protocols, DMARC helps receiving mail servers determine whether to accept, block, or quarantine the message. By leveraging DMARC, organizations can set policies that help prevent spoofed emails from reaching employees, customers, and supply chain partners.

From a consumer perspective, people have to be extra vigilant and take steps such as never clicking links in emails and navigating to the website in question from your browser if in any doubt. People must be aware of these scams and stay alert to ensure they are not duped. Email phishing campaigns will continue to be prominent, so we should always be wary of unsolicited and too-good-to-be-true emails.”
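The DMARC behaviour described in the comment above can be sketched in a few lines. This is an added example, not code from Mimecast or from the article; the records and domains are constructed samples, the function names are hypothetical, and alignment is simplified to an exact domain match (real receivers also support relaxed alignment using the Public Suffix List).

```python
# Added example: DMARC record parsing, disposition and a weak-policy audit.
# Assumption: strict (exact-match) alignment only; sample records are constructed.

WEAK = "v=DMARC1; p=none"
STRONG = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if txt is not a DMARC record."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = [(k.strip().lower(), v.strip()) for k, v in pairs]
    if not tags or tags[0] != ("v", "DMARC1"):  # v=DMARC1 must be the first tag
        return None
    return dict(tags)

def disposition(record_txt, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from the receiver.
    Returns 'pass', 'no-policy', or the requested policy: none/quarantine/reject."""
    tags = parse_dmarc(record_txt)
    if tags is None:
        return "no-policy"
    for passed, domain in (spf, dkim):
        # One mechanism passing is enough, but only for the visible From domain.
        if passed and domain.lower() == from_domain.lower():
            return "pass"
    return tags.get("p", "none")

def audit(record_txt):
    """List reasons a published record gives little protection against spoofing."""
    tags = parse_dmarc(record_txt)
    if tags is None:
        return ["no valid DMARC record"]
    findings = []
    if tags.get("p", "none") == "none":
        findings.append("p=none: failing mail is still delivered (monitoring only)")
    if tags.get("pct", "100").isdigit() and int(tags.get("pct", "100")) < 100:
        findings.append("pct<100: policy applies to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports are requested")
    return findings

if __name__ == "__main__":
    # Spoofed From: SPF passes, but for an unrelated envelope domain; no DKIM.
    spoof = ("example.com", (True, "bulk-sender.example.net"), (False, ""))
    for name, rec in (("weak", WEAK), ("strong", STRONG)):
        print(name, disposition(rec, *spoof), audit(rec))
```

With the `p=none` record the spoofed message is only reported on, while `p=reject` asks the receiver to block it.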

