Individuals in the United Kingdom are being targeted by sophisticated phishing campaigns that go after their finances and personal details, taking advantage of the rising cost of living and post-COVID changes. This article delves into the latest UK phishing campaign, shares key statistics, and explains how fraudsters target Brits and how to protect against phishing.
Fraudsters and cybercriminals are causing trouble in the UK, targeting Brits each month with advanced phishing campaigns. The latest report by the UK’s ONS (Office for National Statistics) shares how fraudsters have adapted their phishing methods post-COVID-19 to take advantage of the cost-of-living crisis by offering council tax and energy bill rebates. With the phishing campaign growing exponentially and causing financial troubles for innocent victims in a time of crisis, here is everything the report entails and how you can stay safe from the menace.
Key Statistics from the ONS Phishing Report
- Smishing, i.e., phishing via text messages, is just as common as its email counterpart.
- 32% of victims receive smishing messages via text or instant messaging, and 34% receive phishing emails.
- 54% of phishing emails impersonate delivery services and take advantage of WFH (Work from Home) and e-commerce.
- Nearly 700,000 individuals across Wales and England clicked on phishing links, and almost 11%, i.e., 80,000, compromised personal information through those links.
How did COVID-19 Affect Phishing Attacks in the UK?
With the adoption of WFH and most sectors shifting to digital services, fraudsters have also adapted their phishing tactics to target innocent victims who are still not skilled at identifying the challenges or threats of the online world.
COVID-19 accelerated the existing phishing menace and supplied ideas to cybercriminals, who began targeting individuals in new ways. This year, 4.8% of all online frauds were related to COVID-19, with cybercriminals even impersonating the UK’s NHS (National Health Service) to convince victims that they were in contact with or carrying the Omicron variant of the coronavirus. Thus, threat actors have been playing with the fear and lives of individuals for personal gain.
The Latest in UK Phishing Scams: Threat Actors Misuse the Rising Cost of Living
The NFIB (National Fraud Intelligence Bureau) discovered new phishing trends, with individuals lower on the financial ladder being targeted more. Promising energy and council tax rebates and urging Brits to apply for the “Cost of Living Payment,” fraudsters mimicked authentic government websites. With people being unaware of the phishing campaign, 35% of the victims revealed they did so for financial gain and another 30% to pay their bills.
Here is an example of a message impersonating government support that targets UK victims.
(Phishing Message Impersonating UK Government Support, Source: ONS)
The phishing scheme was accompanied by a smishing campaign with text messages asking victims to check their eligibility for phony projects and providing a phishing link.
Tactics of the UK Phishing Campaign
The SERS (Suspicious Emails Reporting Service) received over 1500 reports in just 14 days. These reports revealed data about three types of phishing scams in the UK, including:
- Phishing Emails impersonating Ofgem: These reports pointed to scam artists using phishing links and impersonating Ofgem, the UK’s energy regulator, offering energy rebates. The phishing emails were dressed up with Ofgem’s logo and colors to avoid detection by the untrained eye and featured “Claim you bill rebate now” as the email subject.
- Smishing Messages impersonating Banks and Government Services: The phishing campaign also uses smishing messages, with 32% of individuals receiving messages from building societies or banks and 25% receiving them from UK government services. Over half the phishing emails impersonate delivery enterprises, followed by financial institutions or building societies at 32%, e-commerce platforms at 29%, government services at 25%, cloud services at 7%, telecoms at 6%, and ESPs (Email Service Providers), Utilities, and supermarkets in under 5% of the phishing messages.
- WhatsApp Phishing as Relatives and Children: Even the most renowned message-sharing application, WhatsApp, is not safe from phishing. The NFIB also saw a surge in phishing scams that employed WhatsApp to target victims, posing as acquaintances or even their children. The threat actors approached victims by initiating conversations with “Hello Dad” or “Hello Mum.” The fraudsters would say that the older phone was lost or damaged, hence the new number for contact, and would ask for money to cover the expense of a new mobile or to pay urgent bills. Over 1235 incidents were reported regarding WhatsApp phishing between February and June 2022, with over £1.5 million lost to the scam.
Other scams were reported where the threat actors impersonated organizations such as Tesco and Amazon, offering gift cards, rewards, and vouchers in exchange for personal details.
Who Do Fraudsters Target with the UK’s Phishing Campaign?
The report shared valuable insights into the age groups of the Brits most targeted by the UK phishing campaign. Those aged 25 to 34 are 58% and those aged 35 to 44 are 60% more likely to be targeted with phishing messages, with the latter being more likely to respond to phishing emails or messages, as shown.
(Age Group to Phishing Targets/ Respondent Graph, Source: ONS)
Furthermore, the UK phishing campaign targets young Brits, as these are generally the individuals with disposable income to lose, followed by middle-aged individuals who are homeowners and also have children. The report also shared that individuals are substantial targets for the UK phishing campaign if they are:
- Married or Cohabitating
- Homeowners or Renters
- From less deprived areas of England
How to Protect Against the Latest Phishing Campaign in the UK?
Did you know the NCSC received over 13 million suspicious email reports, including 174,000 websites and 95,000 scams, until August 2022?
Phishing is a social engineering cybercrime where threat actors entice innocent victims, leading them to fake web portals or web pages designed to steal private information or finances. Now that you know how the threat actors are targeting individuals in the UK, you can be vigilant and protect yourself if approached similarly. However, you cannot be privy to every tactic out there, so you must follow some defined steps to stay safe from all phishing emails and messages.
- Phishing Recognition: Phishing emails often come with rewards and offers or create an urgency for invoices. Threat actors try to cloud your judgment by tricking you with a false penalty or reward that needs to be paid or redeemed within a certain time. Always be wary of such urgency in emails and text messages.
- Avoid Unsolicited Senders: Phishing emails are generally unsolicited. You should avoid emails from unknown senders. However, these can also impersonate any website or even relatives, so it would be best to cross-check the information before clicking on any link or taking action.
- Avoid Suspicious Links: Phishing emails and messages often come with phishing links. These links take you to fake websites to steal your finances and data. It would be best to cross-check the details or refer to the authentic website on Google to avoid fake ones.
- Look out for Phishing Signs: There are simple tell-tale signs that can give phishing emails away. When the domain names do not match, such as the sender using a Gmail address but claiming to be from Microsoft, you can be sure that it is a phishing email. Other things to look out for include grammatical errors, unexpected attachments, shortened URLs (Uniform Resource Locators), or redirecting links.
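The signs listed above can also be checked automatically before a message reaches a reader. The following is an added example, not taken from the ONS report or the NCSC: a small Python triage function that flags a brand name sent from a free-mail address, urgency wording, shortened URLs, and attachments. The brand, free-mail, and shortener lists, the label names, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Illustrative lists (assumptions, not from the ONS report); tune for your mail.
FREE_MAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}
BRANDS = {"ofgem", "microsoft", "amazon", "tesco", "nhs"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY = re.compile(
    r"\b(urgent|immediately|claim .{0,40}\bnow|within \d+ (?:hours|days))\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed sample message, not a real phishing email.
SAMPLE_PHISH = (
    'From: "Ofgem Energy Rebate" <rebates.desk@gmail.com>\n'
    "Subject: Claim your bill rebate now\n\n"
    "Apply within 24 hours: https://bit.ly/EXAMPLE\n"
)

def phishing_signs(raw_email: str) -> list[str]:
    """Return the tell-tale signs found in one raw email message."""
    msg = message_from_string(raw_email)
    signs = []
    # Sign 1: display name claims a brand, but the address is on free mail.
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain in FREE_MAIL and any(b in name.lower() for b in BRANDS):
        signs.append("brand_from_free_mail")
    # Gather the subject, every text part, and any attachment file names.
    text, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(text)
    # Sign 2: pressure to act within a deadline.
    if URGENCY.search(body):
        signs.append("urgency")
    # Sign 3: the real destination is hidden behind a URL shortener.
    hosts = [(urlparse(u).hostname or "").lower() for u in URL.findall(body)]
    if any(h in SHORTENERS for h in hosts):
        signs.append("shortened_url")
    # Sign 4: an attachment is present; treat as suspect if unexpected.
    if attachments:
        signs.append("attachment")
    return signs
```

Calling `phishing_signs(SAMPLE_PHISH)` returns the list of matched signs; an empty list means none of these heuristics fired, not that the message is safe.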
It would be best if you also referred to the NCSC’s guidelines on spotting and avoiding phishing emails, texts, calls, websites, and more.
Cybercrimes have been on the rise worldwide, but the latest phishing campaign in the UK, targeting innocent Brits and exploiting the cost-of-living crisis, is certainly a new low. With phishing rising each day and Brits getting targeted, you can easily stay protected by following the above steps. And remember to report all suspicious phishing emails and activity to the NCSC.