Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Ofwat reveals it has received 20,000 spam and phishing emails so far this year
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach

Ofwat reveals it has received 20,000 spam and phishing emails so far this year

5 years ago Graham Cluley
Ofwat reveals it has received 20,000 spam and phishing emails so far this year

Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year.

The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year – with 5,149 classified as phishing attacks.

At first glance that sounds pretty bad for such a short period of time, especially when you consider that Ofwat only employs 266 people. But is it?

Dig a little deeper into the story published in Computing and you discover that Ofwat says that it successfully blocked all 21,486 of the malicious emails.

In other words, the number could have been 10 or even 100 times larger and it wouldn’t really have been much of an issue. After all, who really cares just how much email your servers are receiving (within reason!) if your security solution running at the email gateway is correcting junking before they bother any users?

If anything, I find the claim that 100% of all spam and phishing emails were blocked a little too good to be true.

Ofwat’s email statistics were uncovered following a Freedom of Information (FOI) request by the Parliament Street think tank. My hunch is that when asked to reveal how many phishing emails and spam emails they had received, they simply went to their email gateway logs and collected the data from their anti-spam filter.

That would, of course, tell you how many spam and phishing emails it had correctly detected and blocked. But it wouldn’t tell you how much malicious email the anti-spam filter had missed, and had successfully waltzed its way through to a user’s inbox.

Knowing how much unwanted email has been successfully detected and blocked at the gateway might help you try to determine if there is a trend, but it doesn’t tell you how much is getting through.

And it is the malicious emails that make it through to the user which are, of course, the biggest concern. Are we really to believe that no-one at Ofwat has received a spam message or phishing email in their inbox so far this year? I would find that extraordinary if true.

Understanding the true level of the problem is important, of course, as it helps organisations determine whether they are putting enough resources into cybersecurity, and whether existing measures are working successfully.

And it’s particularly important when the public faces headlines from the NCSC about the need to secure smart cities, and defend critical public services – such as water – from the threat of cyber attack.

In that context it might be easy for the general public in England and Wales to worry about the tens of thousands of malicious emails they hear are flooding into the water regulator. But don’t forget that Ofwat doesn’t actually control any water systems – it just regulates the water industry.

Of course, a malicious hacker who managed to penetrate Ofwat’s computer network and pose as an Ofwat employee might be able to then send malicious emails to companies which work in the industry, which might have access to such critical systems. But that is one further step removed.

In short, I’m not sure whether we should be pleased or not about the statistics gathered from Ofwat’s response to the FOI request, as it feels like we’re not getting a clear picture of what is really going on. The stats make a nice headline, but don’t really tell us anything.

The Parliament Street think tank has made headlines with its FOI requests in the past. For instance, earlier this year it revealed through a similar FOI request that NHS staff had been sent 137,476 unwanted emails (27,958 classified as phishing emails, and 109,491 suspected of being spam) during 2020.

With the NHS in England employing over one million people, I have to be skeptical as to whether those figures – just like those derived from Ofwat – are truly representative of the scale of the problem.

It is important for us to understand the scale of the problem facing national bodies such as Ofwat and the NHS, but simple counts of blocked emails muddy the waters.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc

The post ” Ofwat reveals it has received 20,000 spam and phishing emails so far this year” appeared first on TripWire

Source:TripWire – Graham Cluley

Tags: Critical Severity, Goverment, Hacker, Phishing, TripWire

Continue Reading

Previous Five Critical Password Security Rules Your Employees Are Ignoring
Next Apple’s ‘Find My’ Network Exploited via Bluetooth

More Stories

  • Cyber Attacks

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

4 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Vulnerabilities

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Vulnerabilities

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

2 days ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

3 days ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

3 days ago [email protected] (The Hacker News)

Recent Posts

  • ⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More
  • 3 SOC Process Fixes That Unlock Tier 1 Productivity
  • The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
  • Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels
  • Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT