NCSC Launches Microsoft Office 365 Button to Report Business Email Spam

  • UK employees can now use one single click to flag scam emails to the National Cyber Security Centre (NCSC), with the organization already receiving 6.5 million reports from the public since its original launch.

    Launched today, the NCSC says it has made it easier than ever for employees in the UK to join the fightback against email scams targeting their organizations. Guidance has been published on how IT administrators can add a new reporting tool to their organizations’ Microsoft Office 365 accounts.

    According to its announcement today, the NCSC, part of GCHQ, says that by clicking the new button, employees can report “potential scams directly to the NCSC’s Suspicious Email Reporting Service (SERS). It will also report the scam to the organization’s IT team.

    Since its launch in April 2020, the NCSC says that its SERS has received over 6,500,000 reports from the public. The reports have resulted in the removal of over 87,000 scam URLs. In July, it took four hours on average to remove malicious URLs in phishing emails reporting to the SERS, according to the NCSC.

    “Opportunistic scams during the pandemic have demonstrated how cyber-criminals constantly find new ways to target us,” says Dr. Ian Levy, technical director, NCSC. “The good news is that you can help protect your workplace by forwarding suspected scam emails to the [SERS] from your work email account at the click of a button.

    “This simple technical innovation could enable millions more people to join our mission to stop scam emails from ever reaching UK inboxes.”

    According to the NCSC, typical phishing URLs identified by its experts that target business organizations include: malware, clone login pages and enterprise software spoofs. Businesses in the financial services industry are expecting email-borne attacks to increase, as reported by Infosecurity, says a report by Mimecast.

    This action by the NCSC is part of its Active Cyber Defence programme. It is also working in partnership with the City of London Police and has committed to protecting organizations from cybercrime, which it says cost them over £5 million in the last 13 months.

    Mike Cherry, national chair of the Federation of Small Business, welcomes this innovation: “[These] are crucial to calling time on business crime. Small achievable steps will go a long way to protect thousands of small firms from cyber attacks.

    “Every year, there are almost 4 million cases of cyberattacks against small businesses in the UK, and more than 50% of these come from phishing,” he continues. “We’d encourage as many small firms as possible to look further into this NCSC tool and see how they can implement it to protect employees as well as businesses from harm. And anyone can take part, any small business, employee or self-employed person can forward attempted scam emails to report@phishing.gov.uk.”