Customers have been urged to be vigilant
NS&I has released a statement to its customers following a series of blocked emails. The Premium Bonds provider has spoken out to clarify the security measures it has in place.
A Freedom of Information request revealed that over the past three years, NS&I blocked 132,126 emails, including spam, phishing attempts, malware and Edge Block, a Microsoft Edge tool that prevents suspicious pop-ups and adverts. While the total number of blocked emails decreased over the past 12 months, there was a significant surge in phishing attacks during this time, jumping from 1,043 to 4,414. Spam attacks accounted for the largest proportion of blocked emails over the three-year period, making up 97,777 of the total.
Andy Ward, SVP International of cyber security group Absolute Security, warned: “Any organisation and any person can be a target for cybercriminals, so it’s vital that security systems are prepared to deal with threats, particularly when large sums of money are involved.”
He explained the tactics that scammers use: “Malicious actors are using tactics such as AI-generated phishing emails in an attempt to trick staff into falling for scams, giving cybercriminals their route in to wreak havoc, which can often lead to wider disruption. For organisations like NS&I, even a short disruption could have severe implications for customers, so it’s vital that security teams ramp up their defences and prepare to recover and respond to cyber threats.”
NS&I statement
When asked about the figures, an NS&I spokesperson said: “NS&I takes the security of its systems very seriously and has robust processes in place to detect and prevent malicious communications to keep our systems and customer data secure.”
The organisation said the FOI request related specifically to inbound emails to NS&I and did not include any customer emails. The revelation follows a significant incident in which NS&I customers were locked out of their savings.
READ MORE: Cost-of-living crisis continues as expert warns food prices ‘will not come down’READ MORE: Travel expert Simon Calder predicts EU’s controversial EES system to be ‘put on hold’ for the whole summer
Approximately 37,000 customers were impacted, with up to £476million in deposits affected. The problem particularly hit bereaved relatives of deceased customers, who faced difficulties accessing their loved ones’ savings.
Online expert Charlotte Wilson, head of enterprise for UK & Ireland at cyber security software group Check Point, said: “So many hacks leak data on people yet as a society, we have become worryingly liberal with handing over our sensitive personal and financial details. Whether it’s filling out forms to get discounts, participating in loyalty schemes, or giving away email addresses for digital receipts, so much data gets freely handed over, increasing the stakes of each cyber hack.
“When it comes to incidents such as NS&I’s lost savings, where there’s lots of data involved, AI makes it easy for cybercriminals to find vulnerabilities, which increases the chances of attacks.” She encouraged consumers to exercise caution regarding what information they disclose. She explained: “Consumers not understanding the risks of sharing data makes defending increasingly difficult. It’s not always a case of losing financial data, as other personal data, such as the last item purchased or the investment company used, can start a trail that results in a much bigger breach.”
