bloomicon – stock.adobe.com
A new data-sharing service, created by the NCSC with industry partners, will allow ISPs to access real-time threat information that can be used to block fraudulent websites
Published: 11 May 2022 13: 52
The National Cyber Security Centre (NCSC) has handed the UK’s internet service providers (ISPs) a new weapon in the fight against online scams through a new threat data-sharing partnership, launched on the second day of its flagship CyberUK 2022 conference in Wales.
The NCSC stated that unlocking real-time information will allow broadband providers to immediately block customers accessing known fraudulent sites. It will be made available to all UK ISPs and will “significantly strengthen” the country’s ability to protect its consumers from cyber fraud.
The new service will complement the work of the NCSC’s existing takedown service – part of the Active Cyber Defence programme – which, it was revealed earlier this week, took down nearly three million online scams in 2021 alone, including fake celebrity endorsements, fraudulent Covid-19 vaccine passports, NHS-linked phishing campaigns and, in one instance, a gang of cyber criminals pretending to be NCSC CEO Lindy Cameron herself.
The organisation hopes to eventually be able expand the service to web browsers as well as managed service providers (MSPs) in the future.
Sarah Lyons is the NCSC deputy director of economy and society. She stated: “Cybercriminals continue to seek out devious methods to fool us into sharing our personal or financial details. It is crucial that we keep ahead of them.
” This partnership with internet service providers ensures that scams are prevented from reaching our screens. It also strengthens the UK’s protection against online harms .”
BT Security MD Kevin Brown, who has previously worked with the NCSC on a number of initiatives, added: “Online scams continue to cause massive harm, from the financial losses suffered by individuals and businesses, through to the continued erosion of our trust in the internet and the communications we receive.
” To tackle this problem, both public and private sector organisations must collaborate and share intelligence and best practices with each other, as well as their peers.
” We are proud to have worked with the NCSC in the development of this initiative. It will greatly increase the speed with which we share data, and block scams .”
The service will sit alongside a number of NCSC tools that consumers can already use to protect themselves, including a website reporting tool to which you can send suspicious URLs for analysis, and a reporting tool for spam and scam emails, [email protected]. Suspicious text messages, meanwhile, can be forwarded to 7726.
Separately, the NCSC has also launched a new email security checker tool to help organisations ensure appropriate protections are in place.
This free online service helps organisations identify possible email vulnerabilities. According to the NCSC, it found that sectors vary in their adoption of security standards. Some have coverage as low at 7%. The service is hoped to help fix this.
“Email plays an important role in the communication of organisations every day. Therefore, it is crucial that technical teams have security measures in place to prevent abuses of email systems,” stated Paul Maddinson (NCSC director for national strategy and resilience).
” Our new email security tool allows users to identify areas where they can do more. It also provides practical advice on how to keep your data safe. The recommended actions can be taken by organisations to strengthen their security and show that they are serious about security.
The service scans information online about domains, focusing on antispoofing – checking standards like DMARC and establishing if they are correctly configured – and email privacy – checking whether users have privacy protocol such as Transport Layer Security (TLS) and operating properly to protect data in transit. In the future, more features will be available.
It should be noted that the service cannot check whether inbound emails or domains are suspicious. As such, suspicious emails should be forwarded to NCSC’s reporting mailbox.