Scammers use GCHQ cyber crime chief ’s name in £5m fraud ‘con’
SCAMMERS impersonated one of Britain’s top cyber crime chiefs in a brazen fraud attempt involving a fake £5million heist, GCHQ has warned.
Lindy Cameron, chief of the spy agency’s National Cyber Security Centre division, had her name used in an email attempt to trick people into handing personal information to criminals.
The con was disclosed yesterday as the NCSC revealed it had forced more than 2.7million scam campaigns offline during 2021.
Ms Cameron said: “Scammers will go to great lengths and indeed my name has been used to try to trick people, but as we continue to expand our defences, we can see the tangible impact this is having.”
The “phishing” email posed as a genuine communication from the agency.
It claimed that NCSC staff had prevented £5million being stolen from the email recipient and that to recover the money, the victim just had to confirm some personal details.
Doing so, however, would have put that information straight into the hands of criminals.
The missive, sent “on behalf of Mrs Lindy Cameron”, said: “This official memorandum is to inform you that we discovered that some officials who work under the United Kingdom Government have attempted to divert your funds through a back-door channel.”
It went on to say a “suspect” had been “apprehended at the London Heathrow International Airport, early this morning” carrying £5million in cash stolen from the email recipient’s company.
To reclaim the “stolen” cash, recipients of the email were encouraged to send their details by reply.
Fraud prevention association Cifas said cases of identity theft increased by almost a quarter between 2020 and 2021, with more than 226,000 recorded on its National Fraud Database last year,
More than 1,400 Nhs-themed phishing campaigns were removed last year by the NCSC, which was set up in 2016 using GCHQ personnel.
The agency’s brief is to defend Britain’s public sector, and increasingly its private sector, from online security threats. It runs a webpage where the public can report suspicious websites, which it can take offline.