February 5, 2021

FCA bombarded with 80,000 malicious emails per month

By Robert Scammell

The UK’s Financial Conduct Authority (FCA) was targeted with an average of 80,000 malicious and unsolicited emails per month during the final quarter of 2020, a freedom of information (FOI) request has shown.

The FOI request, obtained by Griffin Law, reveals that a total of 238,711 malicious emails were sent to the financial regulator over the final three months of 2020.

Analysis by the law firm shows that 99% of all blocked emails were defined as ‘spam’. While this includes marketing emails, it also includes phishing emails in which a hacker impersonates a brand or person in an attempt to steal data.

These emails were all blocked by the FCA’s security system. Emails potentially containing malware totalled 2,402 during the October to December period.

The majority of malicious emails – 84,723 – took place in November.

“This is a worrying number of attacks on a government agency well equipped to protect itself. It suggests that the negative potential of spam and malware for the rest of us is massive,” said Donal Blaney, principal, Griffin Law.

“Obviously, we should all do as the FCA did here: ensure all devices are protected and be vigilant. Check and double-check before clicking, responding or providing personal data. On a larger scale, it’s time we went after the organised criminals behind this scourge on society. Phishing is not a victimless crime and we should be doing more to end it.”

In February 2020 the FCA accidentally revealed the personal information of around 1,600 people while replying to a separate FOI request.

Cybersecurity specialist Tim Sadler, CEO, Tessian said:

“Cybercriminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it. It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.

“Businesses must make their people aware of how they could be targeted, especially when working remotely, and ensure they have the technology in place to prevent people falling for the scams.”

Read more: Researchers discover three “severe” SolarWinds vulnerabilities


Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: