Cymraeg

Urgent warning on new phishing email

April 7th 2016

Thousands of people have received a new type of phishing email that includes the recipient’s name and home address.

For information and advice on spam and scam email, click here.

The emails claim to have been sent by a number of different authentic companies and request the payment of an overdue invoice, which it says can be accessed by clicking on a link. If you receive such an email, you must not click on the link, as it will install malware such as Cryptolocker. Cryptolocker is a type of ransomware that encrypts files on Windows-based computers and demands a fee to unlock them. This effectively renders the computer unusable and generally, the files are not unlocked even if the fee is paid.

The legitimate firms involved have been swamped with phone calls from recipients of the emails.

Get Safe Online’s Tim Mitchell said: “Until now, our advice has been to be wary of emails that do not address you by name and are poorly written – typically with spelling and grammatical errors. This email, however, is well constructed and does not stop just at addressing recipients by name, but including their home address. This is a particularly worrying new development and sadly, poses a real danger to innocent people, including the more vulnerable members of society.”

BBC Radio 4 You and Yours reporter Shari Vahl is one of a number of colleagues to receive the email. Writing on the BBC website, she said: "The email has good spelling and grammar and my exact home address…when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address. My tummy did a bit of a somersault when I read that, because I wondered who on earth I could owe £800 to and what was about to land on my doormat." Vahl did not click on the link, realising that it was fraudulent.

Dr Steven Murdoch, principal research fellow at the department of computer science at University College London, told the BBC programme: "Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails,” adding that it most likely originates from online fraud gangs in Eastern Europe and Russia.

By Get Safe Online

Written by

In partnership with