Half of UK adults have been sent a phishing message and those aged 25 to 44 are the most likely to be the target of an attack, according to a survey by the Office for National Statistics. The ONS also found there had been a ninefold increase in “advance fee fraud” compared to pre-pandemic levels.
The findings come from the annual Telephone Crime Survey of England and Wales (TCSEW) which had a break in data gathering during the Covid-19 pandemic, allowing researchers to explore data before and after the lockdown.
Phishing attacks, usually carried out via an email with a fake link, are on the rise globally. It isn’t just individuals being targeted. ‘The Cyber Security Breaches Survey 2022‘ found that of those companies reporting some kind of cyberattack, 83% said the most common was a phishing attempt.
UK phishing attacks: very few users click dangerous links
Very few of those targeted with a phishing attack clicked a link or replied to the message. Just 3% engaged with the harmful content, but across the UK that would be equivalent to 700,000 people, and 11% of those clicking a link provided information that could be used by cybercriminals.
While those aged 25-44 were the most likely to get a phishing message, the upper end of this age group, those between 35 and 44, were the most likely to respond or click a link.
Those with the highest disposable income were the most likely to be targeted, with 56% of employed adults being targeted compared to 39% of those unemployed.
The majority of phishing attacks target individuals, even those attempting to enter a corporate network. The ONS found that fraudsters have been actively exploiting significant events including the pandemic and the rising cost of living to attack their victims.
In addition to big events, the survey revealed attacks are focusing on behavioural changes in society that have happened, or been accelerated, as a result of Covid-19 including a rise in online shopping.
One of the biggest single types of fraud was the “advance fee” where victims make an upfront payment for goods or services which then don’t materialise. This increased ninefold over pre-pandemic levels, according to the ONS.
In data gathered last year, 4.8% of all fraud was directly linked to coronavirus in some form, the survey revealed and this rose to 6.3% when specifically linked to phishing and online attacks.
One campaign saw victims sent text messages claiming to be from the NHS, saying they’d been in close contact with someone who had the Omicron variant. Clicking the link in the text message would take the victim to a website that looks like it is an NHS booking page to get a test and pay a delivery fee. The fake page sent the money and personal details to the criminal.
The National Fraud Intelligence Bureau (NFIB) at the City of London Police has also noticed a new trend of “cost of living fraud” where cybercriminals would promise energy and council tax rebates, or encourage people to apply for a cost of living payment. In all instances, it was gathering personal information by mimicking real government programmes.
Online shopping and cost of living fraud
A third of those clicking one of these messages said they did so for financial or material gain, although a similar percentage also said they did so to pay an invoice or bill.
“Phishing scams continue to pose a significant threat for both individuals and businesses,” said detective chief superintendent Oliver Shaw, City of London Police. “I would urge everyone to be vigilant of unexpected messages or calls that ask for your personal or financial information.”
One of the most common areas of attack this year has been the cost of energy crisis. In the last couple of weeks of July more than 1,500 reports were made to the Suspicious Emails Reporting Service about scam emails claiming to be rebates from Ofgem.
As well as mimicking messages from Ofgem promising government subsidies, the criminals were also posing as utilities offering up deals on energy bills and competitions to win fuel vouchers.
More than half of people receiving phishing messages said the sender posed as a delivery company trying to take advantage of the rise in online shopping and homeworking, while a third of the messages claimed to come from their bank or building society and a quarter from a government service.
The ONS also discovered there had been a rise in the number of scam messages coming in via WhatsApp, particularly from cybercriminals pretending to be someone the recipient knows. Earlier this year there were 1,235 reports linked to this scam with losses exceeding £1.5m.
These messages included “hello mum”, “hello dad” and ask for money, claiming to come from a new mobile number due to a lost or damaged phone.
Other scams include posing as companies such as Tesco and Amazon, offering reward cards or vouchers in exchange for personal information.
Tech Monitor has reported on phishing scams becoming increasingly complex, including one which used genuine Paypal email addresses to fool users.
Jake Moore, global security advisor at ESET, says: “As phishing attacks become cleverer and harder to spot, the onus is left on individuals to take measures to weed out the potential scams.
“Making sure the recipient’s email address is correct is a good place to start, but not foolproof. So if an action or payment is requested from the email it is still best to double check by validating the claim via another communication method before it is too late.”