A single-click button for workers to report dodgy emails to the National Cyber Security Centre (NCSC) has been launched in the latest bid to clamp down on cyber crime.
The cybersecurity division of GCHQ has published guidance on how company IT departments can add the button to Outlook on Microsoft 365.
People could already forward scams to the NCSC’s Suspicious Email Reporting Service (SERS), but it is hoped the ease of a single button will encourage more staff to help drive down cyber crime, which has cost organisations more than £5 million in the past 13 months.
Since launching in April last year amid a spate of coronavirus-related phishing attacks, the service has received 6.5 million reports from the public, resulting in the removal of more than 97,000 scam URL addresses.
Although filtering systems are able to block most phishing attacks before they reach staff inboxes, experts warn that bad actors are finding ways to bypass defences.
“The pandemic has shown the cybercriminals will stop at nothing to attack and defraud citizens and businesses,” said Dr Ian Levy, the NCSC’s technical director.
“But our Suspicious Email Reporting Service has also shown that the British public can help us fight back against this scourge.
“This new reporting button makes it easy for businesses using Microsoft 365 to enable their staff to report dodgy looking emails and further help combat cyber crime.
“As more people report more dodgy stuff to us, the safer everyone gets.”
Employees tricked into downloading malware that looks like it comes from IT support, clone login pages that steal people’s personal details and emails containing fake alerts from common workplace software such as Microsoft Teams, are among the types phishing attempts seen by experts.
In July, the average case reported to the NCSC took four hours to be removed.
“Sadly, criminals will use every opportunity they can to trick people into handing over their personal and financial details,” said Clinton Blackburn, temporary commander of the City of London Police.
“Phishing messages provide criminals with a gateway to obtain this information, which they will then use to commit fraud.
“This new reporting tool means that employees can protect their workplace by reporting phishing emails at the click of a button – which provides the police with more information about who is behind these crimes – preventing more people from falling victim.”