NCSC report reveals phishing lures increasingly disguised as vaccination appointments


The National Cyber ​​Security Center (NCSC) released the fifth edition of its Active Cyber ​​Defense Report on Wednesday, June 25, 2022. Launched in 2016, the NCSC’s Takedown service halved the UK’s share of global phishing and reduces the lifecycle of commodity cyberattacks.

Since its inception, the service has fought off new attacks. Public reporting has been enabled via SERS and 7726, alongside Action Fraud. This has enabled the NCSC to tackle commodity-related cybercrime categories related to reported financial losses. The service removed a total of 3.7 million campaign groups, made up of 5.8 million URLs, including 2.01 million IP addresses, in just five years.

In an increasingly digital world, cybercrime prevention measures are more important than ever. Active Cyber ​​Defense (ACD) aims to “protect the majority of people in the UK from the majority of harm caused by the majority of cyber-attacks most of the time”, the report notes. As a largely automated service, ACD protects the public against threats such as malware, reducing both the occurrence and the success rate.

In 2021, the Takedown service battled 2.7 million campaigns, including 3.1 million URLs, a notable increase from 2020’s removals of 700,000 campaigns, including 1.4 million URLs. This significant increase is likely the result of the longer takedowns against extortion mail server and celebrity-endorsed investment scams in 2021.

A new NHS vaccine decoy was identified in December 2020 amid the pandemic. Victims received more than 70 of these lures in January 2021 via email and SMS campaigns. In the summer of 2021, this lure became less important when a vaccine certification system took its place as a popular option.

Together, these campaigns sought to extract personal and financial data from targets. Vaccination appointment bookings were falsely advertised on phishing websites for a fee, a decoy that captured said data, allowing phishers to commit fraud and contact victims posing as UK representatives. banks.

Vaccine decoys quickly became more convincing, even offering QR Codes. Scanning the said codes redirected the victims to a free QR code generation site. The Office for National Statistics held its first digital census for England and Wales in March 2021. Following the event, phishers took the opportunity to threaten their targets with fines if they sent in their census late.


About Author

Comments are closed.