Credit: Gerd Altmann/Pixabay

The NHS is the public sector brand most-often impersonated by cybercriminals attempting to perpetrate email scams.

The National Cyber Security Centre has revealed that its Suspicious Email Reporting Service received 6.4 million reports of scams in 2022, resulting in 67,300 websites being taken down.

Phishing attempts often invoke a government or other trusted brand and, according to the NCSC, the NHS was the most widely impersonated public-sector entity last year.

TV Licensing was second on the list, with HM Revenue and Customs in third. 

The department frequently issues public warnings about fraudsters attempting to use the its name; in October, HMRC announced that, in the preceding 12-month period, it had been alerted to 181,296 instances in which citizens had received a suspicious communication purporting to be from the tax agency.

A total of 55,386 suspected phone scams were reported to HMRC during the year, and the department identified 10,565 “malicious websites” – all of which were then reported to authorities to be shut down. Nearly 50 phone numbers were also taken out of service. 

Related content

• NCSC warns organisations: ‘You cannot perform all functions securely with just BYOD’
• Government anti-fraud efforts hindered by ‘lack of real-time data sharing’
• HMRC scam website crackdown ‘saves public £2.4m’

The GOV.UK brand was fourth on the NCSC’s list of the public-sector brands most used in email scams, with the Driver and Vehicle and Licensing Agency and Ofgem – the energy regulator – completing the top six.

Mike Glassey, chief information security officer at Ofgem, said: “Protecting consumers is our top priority and it is alarming that vulnerable customers are being preyed upon when people are already struggling so much with energy bills. That’s why, as energy regulator, on top of issuing our own warnings and advice, we have asked all energy suppliers to ensure clear and up to date information on scams is easily accessible on their websites.”

The NCSC encourage any members of the public that receive a communication they believe might have been targeted by an attempted to scam to contact the Suspicious Email Reporting Service at report@phishing.gov.uk. Text messages can be forwarded to 7726.

“We know cybercriminals try to exploit trends and current affairs to make their scams seem convincing and sadly our latest data shows 2022 was no exception, said Sarah Lyons, the centre’s deputy director for economy and society resilience. “By shining a light on these scams, we want to help people more easily spot the common tricks fraudsters use, so that ultimately they can stay safer online. There is much more advice on the NCSC’s website about spotting suspicious messages, along with our Cyber Aware guidance to help people protect their devices.”