NCSC records 15-fold increase in online scam removal

More than 700,500 online scams were taken down by the agency last year

The National Cyber Security Centre (NCSC) took down more online scams last year than in the previous three years combined.

The NCSC says a surge in coronavirus and NHS-themed cyber crime since the start of the pandemic led to the agency recording a massive 15-fold increase in the removal of online frauds in 2020 compared with 2019.

The findings are included in the fourth annual report on the NCSC's Active Cyber Defence (ACD) programme, a pioneering service that was started in 2016 to protect Britons from millions of cyber attacks and which was expanded during 2020.

The agency says there was a surge in the number of phishing campaigns using NHS branding to deceive victims; its ACD programme dealt with 122 NHS-related phishing campaigns in 2020, compared to 36 in 2019.

Attackers used Covid-19 vaccine rollout as a primary lure in their text and email messages to steal people's personal data for fraud.

Some 43 fake NHS Covid-19 Test and Trace apps hosted outside of official Google and Apple app stores were pulled by NCSC last year.

HM Revenue & Customs (HMRC) was the most copied brand used by scammers, followed by the Government's gov.uk website and TV Licensing. Scammers used HMRC branding in more than 4,000 fraud campaigns, according to the NCSC.

More than 700,500 online scams were taken down by the agency last year, which accounted for 1,448,214 URLs in total.

The agency also saw a massive surge in fake celebrity endorsement scams fuelling a crime wave since the start of the pandemic.

There was also an increase in scams corresponding with news of changes to TV Licensing entitlements for UK pensioners in July 2020.

Last year, the NCSC also introduced its 'Suspicious Email Reporting Service' as part of the ACD. This service received nearly 4 million reports of suspect emails from members of the public in 2020 alone. It led to removal of nearly 26,000 scams that were not previously identified by the Takedown Service.

In November 2020, the NCSC stated in its annual review that its agents responded to 723 cyber attacks involving 1,200 victims during the 12-month period from September 2019 to August 2020, of which 194 were specifically related to Covid-19 pandemic. While some incidents appeared to come from state-sponsored actors, most were criminal in nature.

The agency also said at the time that it had thwarted 15,354 campaigns that used coronavirus themes to trick people into clicking on malicious links or opening attachments containing malicious programmes. Some campaigns also involved fake stores selling personal protective equipment (PPE) kits, test kits and even coronavirus vaccines.

Earlier in May 2020, NCSC urged healthcare organisations to strengthen their cyber security measures to spoil attacks from threat actors looking to steal confidential information on Covid-19. It warned that hackers were specifically employing "password spraying" tactics in hopes of gaining access to user accounts through commonly used passwords.