Ofwat, the water services regulator for England and Wales, has revealed that it has received over 20,000 spam and phishing emails so far this year.

The Water Services Regulation Authority (better known as Ofwat) which is the government department responsible for regulating the privatised water and sewage industry in England and Wales, said it had received 21,486 malicious emails so far this year – with 5,149 classified as phishing attacks.

Cybersecurity Live - Boston

At first glance that sounds pretty bad for such a short period of time, especially when you consider that Ofwat only employs 266 people. But is it?

Dig a little deeper into the story published in Computing and you discover that Ofwat says that it successfully blocked all 21,486 of the malicious emails.

In other words, the number could have been 10 or even 100 times larger and it wouldn’t really have been much of an issue. After all, who really cares just how much email your servers are receiving (within reason!) if your security solution running at the email gateway is correcting junking before they bother any users?

If anything, I find the claim that 100% of all spam and phishing emails were blocked a little too good to be true.

Ofwat’s email statistics were uncovered following a Freedom of Information (FOI) request by the Parliament Street think tank. My hunch is that when asked to reveal how many phishing emails and spam emails they had received, they simply went to their email gateway logs and collected the data from their anti-spam filter.

That would, of course, tell you how many spam and phishing emails it had correctly detected and blocked. But it wouldn’t tell you how much malicious email the anti-spam filter had missed, and had successfully waltzed its way through to a user’s inbox.

Knowing how (Read more...)