The NHS has topped a list of the Government departments, agencies and public bodies that cybercriminals most frequently impersonated in 2022 to scam members of the public.
Cyber security experts have warned Britons to be vigilant about emails and text messages sent out by imposters that appear at first glance to come from official channels such as the NHS and aim to prompt recipients to click through to unsafe websites or download viruses or spyware onto their devices.
TV Licensing was the second most common impersonation scam reported last year, followed by HM Revenue & Customs, and the UK Government website, gov.uk, the National Cyber Security Center (NCSC) – a part of GCHQ – revealed. The Driver and Vehicle Licensing Agency was the fifth most used cover, and the energy regulator, Ofgem, came sixth.
A common tactic used in phishing scams – whereby hackers attempt to trick people into revealing sensitive information such as passwords or banking information by inviting them to click a bad link that will download malware or direct them to a fake website – is to exploit topical events.
Their aim is often to make recipients visit a website, which may stealthily download a virus onto their computer, ask them to make what appears to be a legitimate payment or steal bank details and other personal data.
This year, the NCSC saw cyber criminals exploit the rising cost of living with Ofgem energy bill support scams and HMRC tax rebate scams. They also continued to take advantage of the pandemic to attempt PCR test scams.
Tips to help protect you from falling prey to scammers
- Set up 2-step verificationand use three random words passwords to prevent cyber criminals gaining access to email accounts
- Choose carefully where you shop: Research online retailers, particularly if you haven’t bought from them before, to check they’re legitimate. Read feedback from people or organizations that you trust, such as consumer websites
- Pay securely: Use a credit card rather than a debit card when shopping online, if you have one. Most major credit card providers protect online purchases and are obliged to refund you in certain circumstances. Using a credit card also means that if your payment details are stolen, your main bank account won’t be directly affected. Also consider using a payment platform, such as PayPal, Google or Apple Pay. And whenever you pay, look for the closed padlock in the web address bar – it means your connection is secure.
The agency said it received 6.4 million reports to its Suspicious Email Reporting Service during 2022, bringing the total number of reports since its 2020 launch to 15.8 million. It removed 67,300 scam URLs this year as a result.
“We know cyber criminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception,” said Sarah Lyons, NCSC deputy director for economy and society resilience.
“By shining a light on these scams we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online.”