Support 100 years of independent journalism.

  1. Spotlight
  2. Cyber
13 May 2022

NCSC launches new security tool to help people spot suspicious emails

The government’s cyber security centre is ramping up its free online services to help more individuals and businesses identify scammers.

By Sarah Dawood

The adage of “don’t download attachments from an unknown sender” has never been more pertinent. Workplace cyber attacks are rife, with more than a third (39 per cent) of UK businesses identifying some kind of security breach in the past 12 months, according to the latest survey by the National Cyber Security Centre (NCSC).

While ransomware (where victims are blocked from accessing their data or computer system until money is paid) is often perceived as the biggest cyber threat for businesses, the most common attack is actually phishing, which affects four-fifths of businesses targeted. This is where cyber criminals pose as legitimate organisations, usually via email, to gain access to a victim’s sensitive information. The price of a cyber attack can be dear; a breach resulting in an outcome such as loss of money or data typically costs a small business £4,200, and for medium and large businesses, this rises to £19,400.

To help tackle the prevalence of business-related email scams, the NCSC has launched a new, free, online security tool, which allows anyone to check an email domain’s security levels.

Announced at this year’s CyberUK conference in Newport, Wales, the email security check service primarily aims to help individuals (whether they are using a work or a personal email account) decide whether an email they have received could be malicious. It helps them assess the sender account’s vulnerability to being compromised and used for a phishing scam or spoofing (online identity theft).

The tool checks for certain vulnerabilities and whether security measures are in place. This includes anti-spoofing standards, which prevent cyber criminals from infiltrating an email domain, and privacy protocols, which ensure that emails are encrypted when in transit and remain confidential between email servers.

It adds to a list of other NCSC tools for consumers, such as its suspicious email reporting service (SERS), where anyone can forward on emails to report@phishing.gov.uk, and its website reporting tool, where people can submit URLs of suspicious websites, such as scam sites offering investment or cryptocurrency opportunities with fake celebrity endorsements. The NCSC then analyses them and removes them if they are found to be fraudulent. Such mechanisms helped the NCSC remove 2.7 million scams in 2021, four times the amount it removed in 2020.

This fourfold increase shows the extent to which online fraud is a growing public threat; people in the UK are now more likely to be a victim of fraud than any other crime. To stop scams at their source, the NCSC has agreed a new data-sharing agreement between government and broadband providers, which will provide organisations such as BT and Sky with crucial information, enabling them to identify and block websites more quickly.

Content from our partners
The future of gas
Taxing non-doms fairly would raise billions
The UK simply cannot afford to wait on climate change

Jeremy Fleming, director at the UK’s intelligence, cyber and security agency, GCHQ, said at Cyber UK that there must be a “shared sense of purpose” between government and industries to tackle cyber crime.

“We are working with partners across the country – private and public – to respond to incidents, warn of threats and offer tailored advice and guidance to stay safe online,” he said. “And we are supporting the adoption of measurable, data-driven standards, in government, the public sector and wider critical national infrastructure (CNI).”

Critical sectors, including local and central government and healthcare, carry a high risk of becoming cyber attack targets. Several high-profile cases in recent years (such as the attack on Redcar and Cleveland local authority in 2020) demonstrate the public sector’s vulnerability, and in many cases, the lack of preventative security measures or contingency plans in place.

Lindy Cameron, CEO at the NCSC, told Spotlight that central government needs to “lead by example” in following security procedures, and that ensuring measures are in place is as important for public sector organisations as it is for private sector ones. “We don’t believe you should be constrained by how big your organisation is or how much money you have,” she said. “It’s about making sure you’re fit for purpose and that you protect the services you provide effectively. It should be part of the cost that’s built in to providing those services in the first place, not an add-on.”

Ian Levy, technical director at the NCSC, added that government is often used as a “guinea pig” to test new security tools before the centre launches them publicly, and therefore this helps to create an incentive for other organisations to follow suit.

“Once we make sure government can [follow its own advice], this [convinces] businesses that they must be able to do it too,” he said. “It’s about changing the market incentive so that the easy thing to do is also the right thing to do. At the moment, security is too difficult for 99 per cent of people.”

CyberUK took place from 10-11 May 2022.

Select and enter your email address Quick and essential guide to domestic and global politics from the New Statesman's politics team. A weekly newsletter helping you fit together the pieces of the global economic slowdown. The New Statesman’s global affairs newsletter, every Monday and Friday. The best of the New Statesman, delivered to your inbox every weekday morning. The New Statesman’s weekly environment email on the politics, business and culture of the climate and nature crises - in your inbox every Thursday. Our weekly culture newsletter – from books and art to pop culture and memes – sent every Friday. A weekly round-up of some of the best articles featured in the most recent issue of the New Statesman, sent each Saturday. A newsletter showcasing the finest writing from the ideas section and the NS archive, covering political ideas, philosophy, criticism and intellectual history - sent every Wednesday. Sign up to receive information regarding NS events, subscription offers & product updates.
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
THANK YOU

Topics in this article: