Scammers are exploiting the cost of living crisis by posing as Britain’s energy regulator, an intelligence agency has warned.
The National Cyber Security Centre (NCSC), the public-facing arm of GCHQ, revealed it had received six million reports of emails and texts impersonating government bodies in 2022.
Many of the so-called phishing attempts, sent by criminal hackers, contain links which will either try to infect devices with malware or con users out of money on bogus websites.
The agency warned that cyber criminals were always quick to exploit events that are in the news – such as the cost of living crisis – to make their cons “more convincing”.
One of the phishing scams flagged the most by members of the public was a message purporting to be from Ofgem, the energy regulator, regarding support with energy bills.
The message would typically encourage recipients to visit a fake website and enter personal information such as bank details to receive financial support; the hackers would then use those details to raid the victim’s bank account.
‘Eligible for a discount’
One such message said: “GOVUK: We have identified you as eligible for a discounted energy bill under the Energy Bills Support Scheme. You can apply here: https://reduce-myenergybill.com”
Mike Glassey, chief information security officer at Ofgem, said: “Protecting consumers is our top priority and it is alarming that vulnerable customers are being preyed upon when people are already struggling so much with energy bills.
“That’s why, as energy regulator, on top of issuing our own warnings and advice, we have asked all energy suppliers to ensure clear and up-to-date information on scams is easily accessible on their websites.
“We take these attempts to exploit consumers very seriously and work with the National Cyber Security Centre to prevent these malicious attacks, identifying and responding in near real-time to over 100 of these phishing campaigns in 2022 alone.”
The NCSC said scams posing as the NHS were the top attack it encountered as criminals continued to capitalise on the pandemic.
One such message read: “NHS-UK Health Department: You’ve been in close contact with a confirmed Omicron case. You must book a PCR test kit.”
Others in the top six included TV licensing, HM Revenue and Customs, the Gov.uk website and the DVLA.
More than 67,300 fake URLs were taken down thanks to tips from the public, it claimed.
Sarah Lyons, deputy director for economy and society resilience at the NCSC, said: “We know cyber criminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception.
‘Spot the common tricks’
“By shining a light on these scams we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online.
“There is much more advice on the NCSC’s website about spotting suspicious messages, along with our Cyber Aware guidance to help people protect their devices.”
The agency is urging people to strengthen security around their online accounts ahead of the New Year and January sales, when there could be a fresh wave of scams.
It advises setting up two-step verification on accounts, so that a notification is sent to a device for confirmation in addition to the normal password, and using passwords composed of three random words to prevent cyber criminals hacking email accounts.
Using three random words helps avoid situations where hackers can access accounts by guessing obvious passwords based on birthdays, family names or pet names, for example.
The NCSC is encouraging the public to forward suspect emails to its Suspicious Email Reporting Service at email@example.com, while suspicious texts should be forwarded to 7726.