The Financial Conduct Authority (FCA) was hit by 258,711 malicious and unsolicited emails in the final three months of 2020, averaging 80,000 email attacks per month.

The figures, revealed by a Freedom of Information (FOI) request submitted by Griffin Law, found that from October to December of last year, 99 per cent of blocked emails to the financial regulator were defined as spam.

This includes unsolicited marketing and advertising emails, as well as phishing emails.

The data reveals that 2,402 emails across the three months were marked as potentially containing malware.

These emails generally included malicious content designed to disrupt, take over, or damage software or data.

November saw the highest number of email attacks, with the FCA recording 84,723 total malicious emails, 831 of which were defined as malware emails.

October 2020 recorded 81,799 total emails blocked, but with a higher number of malware attacks (1,003.)

There were 72,288 blocked emails in the final month of 2020, 568 these emails contained malware.

The figures show that all cyber attacks sent to the FCA across the time period were successfully blocked.

Donal Blaney, principal, Griffin Law, which obtained the FOI request, added: “This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive.

"Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”

Commenting on the figures, Tim Sadler, chief executive at Tessian, an email security firm, said: "The scale of the phishing problem, today, is huge.

“Our own data showed an uptick in the number of social engineering and wire fraud scams in the last six months of 2020. Why? Because it's much easier to hack a human to hack an organisation than it is to hack a company's software.

He added: “Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials. Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams."

FStech has reached out to the FCA for comment.

Share Story: