Posted on March 19, 2022 at 5:24 AM
The UK’s National Cyber Security Center (NCSC) stated that it has received over 10 million suspicious emails through the Suspicious Email Reporting Service (SERS).
In addition, it has also stopped more than 76,000 online scams related to cryptocurrencies, online derivatives, NHS, and other areas since the past two years it has been active. The agency also advised people to use strong passwords and always apply multi-factor authentication to protect their accounts from the menace of threat actors.
The campaign was launched on April 21, 2020, when the Covid-19 pandemic was reaching its height at the time, cybercrime was also at its peak as threat actors took advantage of the pandemic to exploit their targets. The NCSC reporting email inbox was bombarded with millions of emails within the first two months it was launched. Since then, the frequency of emails received in the box has been almost the same.
According to the report, cyberattacks come in different areas, including malware attacks, DDoS, and phishing attacks. As a result of the sustained increase in attacks, the government was forced to start a new campaign across billboards, online, and billboard adverts to advise the public on actionable methods of avoiding such attacks.
Thousands Of Online Scammers Discovered
Chief Executive Officer of NCSC, Lindy Cameron, stated that the UK’s public response to the SERS has led to the removal of thousands of online scams.
However, a lot more needs to be done to offer more protection against persistent threats o secure online accounts. She added that people will reduce risks, including persistent data breaches and financial losses. Lindy added that everyone has a role to play in cyber security and people should follow NCSC’s Cyber Aware advice to make life more difficult for the threat actors.
Chancellor of the Duchy of Lancaster, Steve Barclay, noted that online scams all target several organizations and people are now more determined to stamp them out.
The role of stamping them out is now for everyone by being vigilant and following the security procedures outlined by security experts. They should also be more active in reporting suspicious communications and use secure methods to safeguard accounts.
He also advised everyone to check out the NCSC website to get regularly updated on new security measures and information about new types of scams. The website also provides great advice on how people can protect themselves online, including using passwords and enabling a two-step verification process.
The Increasing Menace Of Mobile Phishing
There is now an increased number of people that access the internet using their mobile devices. As a result, threat actors are now shifting their targets to mobile devices. They are developing malware and threat action tools that are specifically meant to target mobile phones, android devices, and other types of mobile devices.
The advisory has recommended that employees sing together three randomly chosen words to use in their password, to make it easier to remember and difficult for the hackers to copy. The users can also add symbols to make the passwords much more difficult to guess.
But even if the threat actor uses a sophisticated technique to guess or know the password, a multi0-factor authentication will help to keep the user’s account safe, researchers advise.
The NCSC stated that one of the problems with enforcing password complexity requirements is the fact that it makes it more difficult for users to generate. It also makes it harder for them to remember and enter the passwords correctly without the help of a password manager app.
Users Asked To Always Apply Multi-Factor Authentication (MFA)
The campaign also stressed multi-factor authentication, which has helped a lot of users to protect their accounts. An account without the protection of multi-factor authentication makes it more vulnerable to threat actors. However, those that have a second layer of security will give the hackers a lot of problems to crack.
That means even if they succeed in getting the user’s password, they will still need to have control of their phone number or email account before they could access the target’s account. Also, users have been advised not to use websites that do not have provisions for two-factor or multi-factor authentication.
These platforms do not provide a standard security protocol, and users are more likely to be exploited without the additional layer of security.