Scammers impersonating vicars to gain people's bank details, GCHQ warns

Scammers are increasingly impersonating real-life vicars and barristers to gain access to people's bank accounts, GCHQ has warned.

The spy agency said it had seen a sharp rise in bogus ‘phishing’ emails using the names and addresses of real law firms and churches in a bit to convince recipients they were legitimate.

The warning comes as the National Cyber Security Centre, a branch of GCHQ, revealed it prevented more than 140,000 phishing attacks in 2018.

Phishing scams involve tricking recipients into paying fees or giving out personal financial details to criminals via emails designed to look as though they are from official bodies or businesses.

The NCSC said the UK’s legal sector was becoming a particular target and it was now seeing hundreds of scams every month impersonating  firms, solicitors and barristers.

In one example released by the NCSC, a recipient was addressed by a 'Reverend Steve', who opened saying “greetings in the name of our Lord Jesus”.

The scam email went on to tell the recipient they had been named as a beneficiary in the will of the late ‘Mr Javier de la Rosa’, and that they should contact a named barrister to collect their inheritance. The NCSC said the names and addresses provided were of a real barrister and priest, but that neither would suffer any loss or harm themselves.

The agency said: “Increasingly, we’re seeing scammers use real law firms and other entities to try to make their attacks look more legitimate. If someone is partially hooked by an email, searching for the law firm or other entities in the mail and finding they’re real is probably enough to push them over the edge.”

The finding comes in the NCSC’s latest report on UK cyber security, Active Cyber Defence - The Second Year, in which the agency revealed another tactic that was particularly common with scammers was to use fake gov.uk emails to con people into handing over bank details.

In one scam intercepted by the NCSC more than 20,000 emails were sent out purporting to be from a national airport.

The fake airport email scam was automatically detected by the NCSC's Active Cyber Defence (ACD) System and prevented from reaching the intended recipients' inboxes, the organisation said.

NCSC revealed it had taken down more than 190,000 fraudulent websites in 2018 - 64 per cent of which were removed within 24 hours.

Its ACD system had also helped locate and take down the real email account used by the criminals in the airport email scheme and had also helped to reduce the criminal use of bodies linked to HM Revenue and Customs.

It said campaigns where criminals attempted to pose as the tax authority to defraud the public were down 46 percent.