Kitz Forum

Internet => Web Browsing & Email => Topic started by: jelv on April 29, 2020, 09:53:35 AM

Title: National Cyber Security Centre suspicious email reporting service
Post by: jelv on April 29, 2020, 09:53:35 AM
Just picked this up from moneysavingexpert:

Quote from: https://www.moneysavingexpert.com/shopping/stop-scams/#phishing
New. A quick and easy way to report scam emails

The National Cyber Security Centre (part of GCHQ – the Government's cyber and security agency) has launched a suspicious email reporting service to take phishing scams down – all you have to do is forward suspicious emails to report@phishing.gov.uk.

Once you've reported a suspicious email, the NCSC will analyse it and any websites it links to. If it believes it's malicious, NCSC may:

    Seek to block the address the email came from, so it can no longer send emails.
    Work with hosting companies to remove links to malicious websites.
    Raise awareness of commonly reported suspicious emails and methods used.

While the NCSC is unable to inform you of the outcome of its review, it has assured us that it acts upon every message received – as an example, within the first week, the new service received over 25,000 reports and, as a direct result, it has already removed over 400 phishing campaigns.
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: jelv on April 29, 2020, 09:56:34 AM
News article on ncsc website: https://www.ncsc.gov.uk/news/public-embrace-new-email-reporting-service
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: Ronski on April 29, 2020, 07:57:50 PM
I just read this thread, and thought perfect just deleted a spam email with a suspicious attachment, so forwarded it to the provided address and got the following failure reply.

Quote
Your message did not reach some or all of the intended recipients.

      Subject:   FW: Price Offer
      Sent:   29/04/2020 19:55

The following recipient(s) cannot be reached:

      'report@phishing.gov.uk' on 29/04/2020 19:55
            Server error: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)'
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: sevenlayermuddle on April 29, 2020, 08:48:14 PM
Something about NCSC fails to inspire me, seems a little bit too oriented towards publicity stunts.   

What’s the point in telling me it has already removed 400 phishing campaigns?  Unless they express that number as a percentage of a total I have no idea whether 400 is a lot, or a minuscule drop in the ocean.

I’m aware that they are asserted to be part of GCHQ, but I can’t help get the feeling that GCHQ may just be being polite, in allowing such comparisons to go unchallenged. :(
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: gt94sss2 on April 29, 2020, 10:18:05 PM
I’m aware that they are asserted to be part of GCHQ, but I can’t help get the feeling that GCHQ may just be being polite, in allowing such comparisons to go unchallenged. :(

They are definitely linked to GCHQ and part of their expertise comes from there

https://www.ncsc.gov.uk/section/about-ncsc/what-we-do
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: Westie on April 29, 2020, 10:20:24 PM
According to the NCSC, not all reports to them are getting through. :(
I picked up this info from their site here (https://www.ncsc.gov.uk/information/report-suspicious-emails)
Quote
In a small number of cases, an email may not reach our service due to it already being widely recognised by spam detection services. The vast majority of reports do reach our system so please keep reporting any suspicious emails you receive.
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: sevenlayermuddle on April 29, 2020, 11:10:44 PM
Google’s gmail already catches the vast majority of malicious email.   

So if NCSC really want to chase up the perpetrators, why not just ask Google for details of the offences?   They’d get a far more reliable data source, compared with seeking input from the idiotic public.

Two reasons spring to mind...

1)  If it were that easy, Google would pursue the perpetrators themselves.
2)  By claiming to be doing something that the public thinks they understand, NCSC get themselves some publicity.
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: Alex Atkin UK on April 30, 2020, 03:07:14 AM
Shortly after this I get a fake Three UK e-mail, time to test this out.  ;)
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: sevenlayermuddle on April 30, 2020, 08:30:15 AM
A question, the answer to which I am unsure of...

...If I forward my received spam and or viruses to another recipient such as NCSC, is there a risk that the various spam filtering services will identify me as a ‘sender’ of malicious emails, with the risk that they start treating all of my sent mail as potential spam?
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: jelv on April 30, 2020, 10:48:49 AM
If the spam reached you (i.e. your email provider didn't see it as spam on the way in) they shouldn't see it as spam on the way out.

The mail servers at NSCS are not going to be reporting you as a spam sender* and they won't have any filtering service for incoming email (that would defeat the purpose, or if they do it would be specific filtering to drop those that they already know about), so I can't see where you could be possibly be identified as a spam sender.

* Unless you start creating new original malicious emails to them yourself!
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: sevenlayermuddle on April 30, 2020, 11:07:39 AM
Hmmm, it is as long as I can remember since I received any malicious email that was not detected by Google’s spam filters and sent to my spam folder, so it’s mainly that spam that would benefit from NCSC analysis in my case.

I did once try to forward a malicious email from my spam folder.   It was a rather nasty (ie quite convincing) fake invoice/phishing attempt that had been ‘sent’ by a local firm of tree surgeons who’d recently done some work for me, and who’s account had been obviously compromised.  I phoned them first to clear the way, then tried to send it back to them in case they wanted to see the evidence.

Gmail point blank refused to let me forward it since it contained a link to a known malicious URL, but can’t remember the exact nature of refusal.
Title: Re: National Cyber Security Centre suspicious email reporting service
Post by: Ronski on April 30, 2020, 09:11:02 PM
I just read this thread, and thought perfect just deleted a spam email with a suspicious attachment, so forwarded it to the provided address and got the following failure reply.

The above failure was down to my email client (Outlook), had the same issue tonight, turned out “My Server Requires Authentication” was no longer ticked  ???