Water regulator Ofwat flooded with over 20,000 malicious emails this year

The data, obtained under the Freedom of Information (FOI) Act and analysed by the Parliament Street think tank, comes following warnings from the National Cyber Security Centre (NCSC) that smart cities could be at risk of a devastating cyber attack, arguing that sensitive utility and transport data also needs to be secured from being stolen in large volumes.

Ofwat has only 266 employees, which suggests that the corporate email addresses are regularly bombarded with spam and phishing emails, which if successful, could cause major problems for data protection as well as productivity.

In total, 5,149 emails were marked as phishing, which tricks users and staff members into believing that the message is a legitimate request — such as an email from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.

Spam emails, came in more frequently, with 16,337 emails reported as spam which could contain malware, which is software intentionally designed to cause damage to a computer, server, client, or computer network.

The highest month for spam emails was March 2021, where a total of 4,769 were flagged. The second highest was February 2021, with 4,116 spam emails flowing into recipients’ inboxes.

With phishing emails, March 2021 was the highest month, totalling 1,600, followed by February 2021 with 1,392 phishing attacks hitting the organisation.

All the 21,486 malicious emails were reported as being successfully blocked by the Ofwat.

Cyber security expert Chris Ross, SVP International, Barracuda Networks comments:

“Over the course of the pandemic, we’ve seen a huge rise in the volume and sophistication of malicious phishing emails designed to trick employees into handing over confidential data. These figures are another reminder of the risks these scams pose to critical national infrastructure, such as vital utilities and transport, with hackers seeking to disrupt services, steal personal financial data as well as holding organisations to ransom.

Tackling this threat requires a concerted effort, both in terms of delivering the necessary cyber awareness training so that staff think twice before handing out critical information and having the right email protection systems in place to identify and quarantine suspicious emails before they reach the inbox of users. Additionally, organisations should ensure they have the necessary backup and recovery systems in place, to mitigate against loss or theft of data in the event of a successful ransomware attack.”

About the Parliament Street think tank
Founded in 2012, the Parliament Street think tank is one of the UK’s leading research organisations, producing insights and policy papers on evolving threats such as cyber attacks.