The UK’s Financial Conduct Authority (FCA) was targeted with an average of 80,000 malicious and unsolicited emails per month during the final quarter of 2020, a freedom of information (FOI) request has shown.

The FOI request, obtained by Griffin Law, reveals that a total of 238,711 malicious emails were sent to the financial regulator over the final three months of 2020.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Analysis by the law firm shows that 99% of all blocked emails were defined as ‘spam’. While this includes marketing emails, it also includes phishing emails in which a hacker impersonates a brand or person in an attempt to steal data.

These emails were all blocked by the FCA’s security system. Emails potentially containing malware totalled 2,402 during the October to December period.

The majority of malicious emails – 84,723 – took place in November.

“This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive,” said Donal Blaney, principal, Griffin Law.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

“Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”

In February 2020 the FCA accidentally revealed the personal information of around 1,600 people while replying to a separate FOI request.

Cybersecurity specialist Tim Sadler, CEO, Tessian said:

“Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.

“Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams.”

Read more: Researchers discover three “severe” SolarWinds vulnerabilities