In the United Kingdom, Her Majesty’s Revenue and Customs (HMRC) – the UK government department responsible for tax collection – is often impersonated in order to conduct cyberattacks.
Phishing campaigns using this mode of attack have been surging in the past year, with official figures obtained by Lanop Outsourcing under a Freedom of Information request showing the growth in HMRC impersonation attacks to be 87% with the amount of attacks jumping from 572,029 in 2019/2020 to 1,069,522 in 2020/2021.
Email scams are the most common phishing vector and the most often leverage lures being fake notifications about tax rebates and refunds. These grew by 90% in the last year and the amount of HMRC phishing attacks sent using email grew by 109% to 630,193. Additionally growth was experienced in text-based phishing (smishing) campaigns. These jumped by 52% year-over-year and voice phishing (vishing) attacks were up by 66%.
Another public body which was used to try and trick recipients via impersonation scams was the Driver and Vehicle Licensing Agency (DVLA). There was a massive 661% increase in reports of phishing scams impersonating the DVLA during the past 12 months.
While these attacks are mainly focused on individuals they are also a serious concern for business groups due to their aim of stealing sensitive data such as passwords. If they get hold of these then there is a strong possibility that they will be used in attacks on companies. Phishing campaigns also attempt to spread malware to business networks. If this is successful then hackers can access the databases before moving laterally and cause damage across an entire group network.
In order to defend your company from attacks like this it is vital to implement a thorough set of measures. Staff training is crucial so that those using the systems and software on your network know how to spot and mark an incoming cyberattack. As a minimum all staff should be aware what to do if a suspicious email lands in their inbox. When staff are engaging in distance and remote working, as is more common than ever these days, this is even more important.
All we all know is that staff training will not completely eliminate mistakes from happening. Individuals will either fail to pay sufficient attention, due to burn out or lack of interest, or try to use a shortcut, to get their work done more quickly, which is not best practice for cybersecurity. This means that you need a robust cybersecurity suite to bolster the staff training method and keep your organization safe.
A robust cybersecurity suite will alway include an advanced spam filtering solution that will spot and block phishing attacks. Remember that all spam filters are not created equal though. Some are proficient at tackling phishing emails from known malicious IP addresses only. However, stronger solutions like SpamTitan are able to spot previously unseen phishing scams thanks to artificial intelligence and predictive technologies for addressing the danger posed by zero-day attacks. Additionally sandboxing fights malware attacks that have not yet been added to antivirus engines and DMARC mitigates the dangers presented by email impersonation attacks.
In order to safeguard your group from these types of attack contact TitanHQ now to discover more in relation to enhancing your cybersecurity suite.