Warning: new and convincing email scam
The National Fraud Intelligence Bureau (NFIB) has issued advice and a warning about a new type of fraudulent email containing an attachment which will, once opened, download malware onto the victim’s computer.
The NFIB has issued the warning because the wording of the email is a new variation on common "phishing" emails and is very convincing. The email contains realistic looking details of an order, which is completely fake, from what appears to be a legitimate company. The email address of this company is "spoofed", which means that it is a forged but looks correct. The payment method for the fake order is always described as having taken place by credit card, with details of a fake transaction number, and the email will state that the victim can find more detailed information on the purchase in an attached file, which could be of the .zip type.
Many people fall victim to opening the attachment because they can not remember placing an order and wish to find out more. Opening this attachment may infect your computer with a virus. In this case it will be malware, short for malicious software, which could do anything from disrupting the operation of the victims’ computer to extracting sensitive information such as passwords and sending it on to the originators of the fake email. The NFIB has received a very high volume of reports and complaints about this new and convincing fraud. The NFIB advises the following steps to reduce the potential for falling victim to this type of virus:
- Do not click on any attachments or links within emails unless you are sure that you know who has sent them.
- If you have not recently made an order with the company specified in the email (remember it is a forged email address) do not open the attachment.
- Check the legitimacy of the email with the company that have supposedly sent it – it is a good idea to find a telephone number for them independently from the email as the number provided in the email may be forged and may even go straight to the originators of the fraud.
- Ensure you have up-to-date anti-virus software and perform regular scans.
- If you have opened the attachment be extra vigilant when logging on to online banking and consider having your machine checked by an expert.
If you think you have been a victim of this type of email you should report it to Action Fraud, the UK’s national fraud and cyber crime reporting centre. Details of how to contact Action Fraud by telephone or online can be found at Action Fraud.