In an indication of the severe threat presented by phishing campaigns to major corporations, the British Broadcasting Corporation (BBC) was targeted with almost 52 million phishing and spam emails in the first eight months of 2020, averaging more than 280,000 spam or phishing emails every day.
Information obtained by think tank Parliament Street through a Freedom of Information request has revealed that fraudsters, spammers, and cyber criminals sent an average of more than 6.7 million emails per month to the BBC between January and August this year.
In these eight months, the BBC was able to block nearly 52 million malicious emails from reaching its employees’ inboxes and also blocked more than 18,000 malware attacks every month, giving us an insight into the enormity of the threat faced by organisations of global repute.
In July alone, the news agency was targeted with 13,592 malware attempts and over 6.7 million spam emails. In March, when businesses started introducing work-from-home policies, it was bombarded with 6,768,632 spam emails and 14,089 malware attacks.
The fact that a single company like the BBC can be targeted with millions of phishing emails, some containing powerful malware, every single month brings into focus the importance of organisations using advanced anti-spam, anti-malware, and email-filtering solutions to block as many email-based threats as possible from reaching their employees’ inboxes.
This is because organisations cannot rely on employees alone to detect all forms of phishing threats. Last week, the Wisconsin Republican Party lost as much as $2.3 million (£1.77 million) to “a sophisticated phishing attack” in which hackers sent the party well-crafted phishing emails containing doctored invoices under the names of the party’s vendors.
On 22nd October, the party discovered that it had paid out as much as $2.3 million (£1.77 million) to fraudsters who masqueraded as its vendors in emails to lure it into transferring the money to their own accounts. The party immediately contacted the FBI, which is presently investigating the situation.
In July, a survey from Computer Disposals Limited revealed that a vast majority of Brits are still struggling to accurately identify phishing and smishing attempts and are also not adept at differentiating between genuine and spam emails and messages.
The survey also revealed that 56% of people are still not able to correctly identify spam emails, despite various efforts by government agencies, companies, and consumer groups to raise awareness about how to spot phishing emails. This indicates that the British public may remain vulnerable to various phishing campaigns, including those leveraging the COVID-19 pandemic or shopping fests like Black Friday.
Another interesting outcome of the survey was that a majority of Brits still rely on soft indicators, such as the brand, rather than strong indicators like mail addresses, personal information, and other trust factors. “Messages purporting to be from trusted sources and websites that we use every day, such as Facebook, appear to receive less scrutiny than messages from sources people use less frequently,” CDL observed.