UK's NCSC removed more than 2.7 million online scams in 2021

Social engineering attacks like phishing were especially common

Image:
Social engineering attacks like phishing were especially common

Scammers used a variety of themes, including NHS vaccinations and celebrity impersonations

The National Cyber Security Centre (NCSC), a division of the GCHQ spy agency, helped to stop a record 2.7 million online scams in 2021, four times the previous year's total.

The most prevalent frauds were celebrity impersonations and bogus extortion emails, although scammers also used several other themes, including NHS vaccinations and vaccine passports - and, in one particularly bold case, impersonating NCSC chief executive Lindy Cameron.

NHS-related scams were especially common due to the Covid-19 pandemic. Last year the NCSC removed more 1,400 NHS-themed phishing efforts, an 11-fold increase over 2020, including bogus vaccination distribution messages and certificates.

The massive increase in overall online scam removal, though, was due to the NCSC expanding its services to combat a broader spectrum of frauds, rather than an overall increase in malicious content.

The frauds were investigated as part of the agency's Active Cyber Defence (ACD) programme, which focuses on high-volume attacks on individuals, businesses and organisations.

The NCSC says public reports of suspicious emails, messages and websites helped the agency in its work.

The new data comes as the NCSC kicked off its annual CyberUK conference, bringing together cybersecurity experts to address major concerns in the sector.

"As we kick off CyberUK, the latest ACD figures shine a light on how the NCSC has responded to emerging cyber threat trends and security issues to keep the UK safe at scale," said Lindy Cameron.

"We know that scammers will go to great lengths, and indeed my name has been used to try to trick people, but as we continue to expand our defences we can see the tangible impact this is having."

The figures highlight the "crucial interventions" the NCSC can make to eliminate online threats, deter attackers, and strengthen public's collective cyber resilience, according to Dr Ian Levy, the NCSC's technical director.

In 2020, the NCSC took down more than 700,500 online scams, which accounted for more than 1.4 million URLs in total. The agency also introduced its 'Suspicious Email Reporting Service' as part of the ACD, and received nearly 4 million reports of suspect emails from members of the public.

It led to removal of nearly 26,000 scams that were not previously identified by the Takedown Service.

Sir Jeremy Fleming, GCHQ director, told the CyberUK conference that the present serious global economic situation means "the need to make the UK the safest place to live and do business online is ever more relevant".

Fleming said that the UK must continue to focus on cybercriminals and other threat actors who are continuously changing their strategies in order to profit from unlawful activities.

He added that the National Cyber Force (NCF), a collaboration between the Ministry of Defence and GCHQ, had been disrupting cybercrime on an "immense scale".