Financial Regulator Hit by 240,000 Malicious Emails in Q4 2020

The UK’s financial regulator was bombarded with nearly a quarter of a million malicious emails in the final quarter of 2020, FOI data has revealed, highlighting the continuous pressure high-profile organizations are under to protect their assets.

Litigation firm Griffin Law filed the FOI request with powerful London-based body the Financial Conduct Authority (FCA).

It revealed that the FCA was hit with 238,711 malicious and unsolicited emails over the final three months of 2020, averaging out at around 80,000 per month.

November saw the highest volume (84,723), followed by October (81,799) and December (72,288). The vast majority were classified as spam, with over 2400 containing malware including Trojans, spyware and worms, according to the report.

The good news is that the FCA blocked all of these malicious emails sent its way, although the real threat is not from mass automated campaigns but more highly targeted spear-phishing attempts.

Tessian CEO, Tim Sadler, argued that phishing remains a major security problem today because it’s easier to hack a human than it is to target software.

“Cyber-criminals, undoubtedly, want to get hold of the huge amounts of valuable and sensitive information that FCA staff have access to, and they have nothing but time on their hands to figure out how to get it,” he added.

“It just takes a bit of research, one convincing message or one cleverly worded email, and a distracted employee to successfully trick or manipulate someone into sharing company data or handing over account credentials.”

The regulator is far from faultless when it comes to cybersecurity: like many organizations, human error has been its undoing in the past.

Back in February 2020 it apologized after accidentally posting personal information including names, addresses and telephone numbers of some individuals who had lodged complaints against the authority.

Ironically, the data leak occurred as part of its response to an FOI request.