New email scam

There’s a new email scam doing the rounds, which has tripped up three of my Heacham customers in one day (to my knowledge). I’m preparing a series of articles for the website on online safety, but in the meantime, here’s what you need to know.

The email sender (probably a random individual who’s had his own email hacked) claims to have received a file of your personal information in error and, ‘as a law-obedient citizen’, is warning you about the leak. He attaches a file which he claims contains the information. Actually it contains a set of commands which, if opened in Microsoft Word, will either steal your passwords and send them to the miscreant or encrypt all your files and demand money before you’ll be able to access them. The text of the email follows this format:

Good day to you, name!

I am bothering you for a very urgent occasion. Allhough we are not familiar, but I have considerable ammount of information about you. The fact is that, most likely by mistake, the info about your account has been emailed to me.
For example, your address is:
first line of address
nr Kings Lynn
PE31 7postcode

I am a law-obedient citizen, so I decided to prevent may have been hacked. I attached the file – that I received, that you could learn what info has become accessible for attackers. File password is – 6306

I look forward to hearing from you,

I’ve preserved the anonymity of the lady or gentleman who received it, but it actually shows the recipient’s name and address. Now, all this tells you is that someone has hacked a company mailing list and obtained a name, an address and an email address. Bearing in mind the number of hacks (Yahoo and TalkTalk are the best known) in the last couple of years, this is no surprise. It relies on scaring you into opening the attached file which contains the harmful macros.

Golden Rule No.1: never open unsolicited email attachments.

Cleverly, they have encrypted the attachment, so you have to enter the password before you can view the file. This has the effect of preventing your antivirus from scanning the contents of the attachment.

If you receive something similar, delete it without opening it. I’ve had one customer who panicked, cancelled all their credit cards and changed their email address – really no need – and another who opened it (after scanning it with an antivirus) but who was using LibreOffice instead of Word and so seems to have been unaffected. A third just deleted it. Well done (you know who you are…).

Keep alert.


PS There’s also a new ‘Your BT Bill is now available’ scam. Just make sure before you fill in any website logons that the address box at the top of the screen says and not and you’ll be fine.

This entry was posted in scams and cons. Bookmark the permalink. Both comments and trackbacks are currently closed.