BETAThis is a new service. Your feedback will help us to improve it.
Font Size:
Speech:
Date Responded 25 July 2018

Provision of information held by Northumbria Police made under the Freedom of Information Act 2000 (the 'Act')

As you may be aware the purpose of the Act is to allow a general right of access to information held at the time of a request, by a Public Authority (including the Police), subject to certain limitations and exemptions.

You asked:

1. What percentage of emails that your organisation receives are fraudulent – i.e. phishing messages, BEC (business email compromise) attacks, CEO Fraud, malware laden, etc. 

• Please indicate as a percentage: __________________ %

• Don’t Track 

2. What is the most common type of fraudulent email/cyber-attack that your organisation receives? 

• CEO fraud – this is when someone sends an email impersonating a senior company executive asking an employee to make payments for goods or services into a fraudulent bank account

• Fraudulent transaction requests – fraudsters send invoices for payment of goods or services as if from a legitimate organisation

• Credential theft – fraudsters send messages trying to get users to divulge their username and password or other sensitive information

• Ransomware

• Other

• Don’t Track 

3. Has your organisation suffered financial loss in the last 12 months as a direct result of a faked email message being received that tricked an employee into sending money via wire transfe 

● Yes

● No

If yes, please state how much was lost (if fallen victim more than once, please provide total amount given to scammers): _____________________ 

4. Has your organisation had a device/system infected by ransomware in the last 12 months that was delivered via email:

● Yes – once

● Yes – more than once

● We were infected by ransomware but the source wasn’t traced

● Never 

NB: If you have answered yes, please answer the following questions for each separate ransomware infection (if numerous devices were infected at the same time, this counts as one incident)

How long were systems affected: ________________________ 

Did you pay the ransom: 

● Yes

● No

 

If yes, how much was paid: _____________________

Did the criminals provide the information/program needed to restore systems: 

● Yes

● No

5. Do you use the domain-based message authentication, reporting and conformance protocol (DMARC) to block fake emails being spoofed to appear as if they have been sent by your company/organisation:

● Yes

● No

● Don’t know 

6. Are you aware if your organisation/brand has ever been ‘spoofed’ and used by scammers to send emails trying to trick people

● Yes – before we started using DMARC

● Yes – after we started using DMARC

● Yes – but not sure if it was before or after using DMARC

● Never

● Don’t Track 

If yes, please state how many separate incidents of your organisation/brand being spoofed that you know of: 

before we started using DMARC: _____________________ 

after we started using DMARC: _____________________ 

7. Do you publicise externally how a member of the public can check an email communication with your organisation to determine if it is fake? 

● Yes

● No 

If yes, how many reports have you received in the last 6 months of fake/phishing messages:

● _____________________ 

● Don’t Track 

8. Do you publicise internally how a member of your workforce (including third party suppliers) can check an email communication with your IT/Security team to determine if it is fake? 

● Yes

● No

If yes, how many reports have you received in the last 6 months of fake/phishing messages:

● _____________________ from internal workforce 

● _____________________ from third party suppliers 

● _____________________ from both internal and third party suppliers as don’t differentiate between senders 

● Don’t Track 

9. Do you provide a report button within your email system for end users to report phishing emails? 

● Yes

● No 

10. Does your organisation have a SOC (Security Operations Centre) or IT security team? 

● Yes

● No 

11. Do you have a secure email gateway? 

● Yes

● No

● Don’t know

 

In Response:

We have now had the opportunity to fully consider your request and I provide a response for your attention.

Following receipt of your request, searches were conducted with the ICT Department of Northumbria Police. I can confirm that the information you have requested is held in part by Northumbria Police however cannot be disclosed for the following reasons.

The information you are looking for is not held in centrally nor is it held in a retrievable format.  To provide a response at point 2 would require each department mailbox being interrogated to establish if any fraudulent email had been received then collate the information into the themes you have outlined in this part of your submission.  There is no time frame on this part of your request however, even if we were to assume it was for a 6 month period, to manually review  hundreds of mailboxes could not be achieved within the permitted 18 hours.  This figure does not take into consideration officer or staffs personal mailboxes.

As we have estimated that to extract this part alone  would take over 18 hours, therefore Section 12(1) of the Freedom of Information Act would apply. This section does not oblige a public authority to comply with a request for information if the authority estimated that the cost of complying with the request would exceed the appropriate limit of 18 hours, equating to £450.00 

You should consider this to be a refusal notice under Section 17 of the Act for your request. 

When applying Section 12 exemption our duty to assist under Section 16 of the Act would normally entail that we contact you to determine whether it is possible to refine the scope of your request to bring it within the cost limits. However, from the information we have outlined above I see no reasonable way in which we can do so.

Additionally  FOI relates only to information held in a recorded format at the time the request is received and there is no requirement for us to  create just to offer a response to a FOI request.  Information may not be  held in the format you have expected us to respond to, such as percentages.

To note - previous FOIs with regards to releasing data about ransomware have been refused as exemptions have been applied to withhold.  Such requests can be found on the Northumbria Police Disclosure Log, where the relevant exemptions have been outlined. 

back to top