The organization said the blocked messages included spam, malware, phishing emails, and suspicious pop-ups intercepted through Microsoft Edge protections. According to statements issued by NS&I, the measures were designed to protect both internal systems and customer data.
NS&I’s update comes after separate issues involving customer account access drew attention to security and operational risks facing financial institutions. Cybersecurity specialists warned that increasingly sophisticated scams, including AI-generated phishing emails, are making attacks harder to detect.
The latest figures also highlight the growing scale of digital threats aimed at organizations managing large amounts of financial information. Experts said both companies and consumers are facing greater exposure as more personal and financial data is shared online.
Phishing Attacks Rose Sharply Despite Overall Decline in Blocked Emails
According to the Freedom of Information data reported by multiple UK news outlets, NS&I blocked 132,126 emails during the past three years. The largest category was spam, accounting for 97,777 messages.
The overall number of blocked emails declined during the last year covered by the data. Yet phishing attempts increased significantly over the same period, rising from 1,043 to 4,414. The blocked communications also included malware threats and Edge Block interventions, which refer to Microsoft Edge security tools designed to stop suspicious pop-ups and advertisements.
Andy Ward, senior vice president international at cybersecurity company Absolute Security, said organizations handling large sums of money remain attractive targets for cybercriminals. According to Ward, attackers are increasingly using AI-generated phishing emails to deceive employees and gain access to systems.
“Any organisation and any person can be a target for cybercriminals” Ward said. He added that even short disruptions affecting institutions such as NS&I could have serious consequences for customers.
NS&I stated that it “takes the security of its systems very seriously” and said it has “robust processes in place to detect and prevent malicious communications.” The organization also clarified that the Freedom of Information request referred only to incoming emails received by NS&I, not messages sent to customers.
Security Concerns Follow Earlier Customer Account Disruption
The disclosure follows an earlier incident in which around 37,000 NS&I customers temporarily lost access to their savings accounts. According to reports, up to £476 million in deposits were affected during the disruption.
The issue reportedly created difficulties for some bereaved relatives attempting to access savings belonging to deceased family members. The incident increased scrutiny around operational resilience and customer account security.
Charlotte Wilson, head of enterprise for UK and Ireland at cybersecurity firm Check Point, said large-scale data exposure has become more common as consumers routinely share personal information online. According to Wilson, details provided through loyalty schemes, digital receipts, and online forms can increase risks when data breaches occur.
“When it comes to incidents such as NS&I’s lost savings, where there’s lots of data involved, AI makes it easy for cybercriminals to find vulnerabilities,” she said.
Wilson also warned that personal information beyond direct financial data can contribute to larger security breaches. She said consumers often underestimate the risks associated with sharing seemingly routine information online. NS&I has continued to emphasize that its systems include protections intended to identify and block malicious communications before they can affect operations or customer data.
