NHS and HMRC among most-impersonated agencies by cyber-scammers

Written by Sam Trendall on 6 January 2023 in News

Cyber intelligence unit reveals the government brands most often cited in attempted fraud and hacking

Credit: Gerd Altmann/Pixabay

The NHS is the public sector brand most-often impersonated by cybercriminals attempting to perpetrate email scams.

The National Cyber Security Centre has revealed that its Suspicious Email Reporting Service received 6.4 million reports of scams in 2022, resulting in 67,300 websites being taken down.

Phishing attempts often invoke a government or other trusted brand and, according to the NCSC, the NHS was the most widely impersonated public-sector entity last year.

TV Licensing was second on the list, with HM Revenue and Customs in third. 

The department frequently issues public warnings about fraudsters attempting to use the its name; in October, HMRC announced that, in the preceding 12-month period, it had been alerted to 181,296 instances in which citizens had received a suspicious communication purporting to be from the tax agency.

A total of 55,386 suspected phone scams were reported to HMRC during the year, and the department identified 10,565 “malicious websites” – all of which were then reported to authorities to be shut down. Nearly 50 phone numbers were also taken out of service. 

Related content

The GOV.UK brand was fourth on the NCSC’s list of the public-sector brands most used in email scams, with the Driver and Vehicle and Licensing Agency and Ofgem – the energy regulator – completing the top six.

Mike Glassey, chief information security officer at Ofgem, said: “Protecting consumers is our top priority and it is alarming that vulnerable customers are being preyed upon when people are already struggling so much with energy bills. That’s why, as energy regulator, on top of issuing our own warnings and advice, we have asked all energy suppliers to ensure clear and up to date information on scams is easily accessible on their websites.”

The NCSC encourage any members of the public that receive a communication they believe might have been targeted by an attempted to scam to contact the Suspicious Email Reporting Service at report@phishing.gov.uk. Text messages can be forwarded to 7726.

“We know cybercriminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception, said Sarah Lyons, the centre’s deputy director for economy and society resilience. “By shining a light on these scams, we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online. There is much more advice on the NCSC’s website about spotting suspicious messages, along with our Cyber Aware guidance to help people protect their devices.”


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@publictechnology.net.

Share this page




Please login to post a comment or register for a free account.

Related Articles

Home Office and BEIS first departments under the microscope in pilots of new independent cyber audits
16 January 2023

External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme

NCSC and law enforcement investigate major Royal Mail cyberattack
16 January 2023

Incident, which has been linked to Russian ransomware group, has left customers unable to send items overseas

Government looks to boost resilience with new strategy and dedicated leader
3 January 2023

Existing initiatives in cybersecurity picked out as shining example of cooperation with commercial sector

EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
2 December 2022

Specialist supplier will support in searching – and then attempting to take advantage of – ‘vulnerabilities and exploitable information’