Welcome to the MSE Forums
  • FIRST POST
    • vkharch
    • By vkharch 4th Apr 16, 12:15 PM
    • 36 Posts
    • 4 Thanks
    vkharch
    Spear phishing scam?
    Hi,

    I've just received 2 suspicious emails, one in my Gmail Inbox and another in the Spam folder, with similar messages quoting my full name and previous address.

    Dear [My Name],

    Regarding the amount due 1940.89 GBP, we act on behalf of Airnesco Group in order to collect the outstanding account value of your debt.

    We would like to remind you that the amount above was due for payment on 23.03.16 but as no payment has been received, your invoice is now considered as overdue. Please find a printable version of your invoice at the following link:
    http://www.littlebigdev.net/index.php?e=n-7a820__________ [amended]

    Original invoice will be sent out to:
    [My correct name and previous address]

    In order to avoid further costs, please forward the payment to us and transfer the amount due not later than 10.04.16

    Yours truly,
    Peter Richardson

    The email was sent from Peter Richardson @stuart-bathurst.org.uk, which is a high school domain.
    Airnesco Group is a manufacturer of compressed air operated products, which I've never heard of or dealt with.

    The second email differs only in the sender's email, company name and amount. The rest of the wording is the same.

    Has anyone come across similar communication? As of today there were a few posts with a similar message on www.avforums.com
    • hooverman007
    • By hooverman007 5th Apr 16, 5:19 PM
    • 2 Posts
    • 0 Thanks
    hooverman007
    Think about it?
    The sender's email address you've quoted most likely would not have been involved, posting it publicly here exposes them to more spam.
    Originally posted by SomeOne
    Ridiculous comment. If you had bothered to read the text properly you would find that I explained that the @chect.org.uk belonged to a children's cancer trust. People are on here to warn and advise each other. Not to send out emails to fictitious scammers.
    • SomeOne
    • By SomeOne 5th Apr 16, 5:22 PM
    • 142 Posts
    • 41 Thanks
    SomeOne
    Whilst you did mention that it belonged to that organisation, you also posted an email address which a bot can easily scrape.
    Last edited by SomeOne; 05-04-2016 at 5:25 PM.
    ---------
    SomeOne
    • Rebel Cause
    • By Rebel Cause 5th Apr 16, 5:29 PM
    • 181 Posts
    • 343 Thanks
    Rebel Cause
    I have just got the same thing, different company and the layout and wording you state is exactly the same.
    • UMustReadThis
    • By UMustReadThis 5th Apr 16, 8:07 PM
    • 1 Posts
    • 4 Thanks
    UMustReadThis
    Mine was received on the 4th at my Gmail account. I'm in IT so am wise to most scams etc, but to date I have never received an email featuring my full name, email address and home address, which were all still valid.

    My head and experience said it was a scam because of the following:

    1. Grammatically dodgy in parts
    2. The return address was a housing association in Scotland that I'd never dealt with before
    3. The named Ltd company had been dissolved years ago
    4. The download link had a suffix of .DK and didn't look like an address you would have invoices stored.

    Anyhow, I searched Google yesterday but had no joy finding anyone who had received anything similar. This email would have gone straight in the bin, but my details showing had made me paranoid.

    To cut a long story short I decided to use my backup lappy to click on the link, I'm running Eset, Malwarebytes and Crypto Prevent so I was confident one of them would stop the payload.

    I clicked on the link and it takes you to a download page on a service that has been compromised. There is a zip file which has your name and invoice as the file name. You have to enter a CAPTCHA and then hit submit to start the download.

    Bang, Eset sprung to life and stopped the download because the payload was a TROJAN which was only added to their virus definitions yesterday. I tried it on another lappy that has F-Secure and that also stopped it in its tracks, so whatever you do DO NOT be tempted to click on that link out of curiosity.
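
An added example, not part of any post in this thread: a static triage of the checks listed in the post above (sender organisation unrelated to the link host, unexpected country TLD) plus the payment demand, run over a constructed message without ever fetching the link. `triage`, `base_domain`, `home_tlds` and every example.* host are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample modelled on the message quoted in this thread. Every name,
# address and host is a placeholder (example.* domains), not a real indicator.
SAMPLE = """\
From: Peter Richardson <peter.richardson@school.example.org.uk>
To: recipient@example.com
Subject: Overdue invoice

Dear Jane Doe,
Regarding the amount due 1940.89 GBP, we act on behalf of Example Group in
order to collect the outstanding account value of your debt. Please find a
printable version of your invoice at the following link:
http://files.example.dk/index.php?e=n-0000
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
DEBT_RE = re.compile(r"\b(overdue|amount due|outstanding|debt)\b", re.I)

def base_domain(host):
    """Rough registrable domain; a production tool would use the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    n = 3 if len(parts) >= 3 and parts[-2] in {"co", "org", "ac", "gov"} else 2
    return ".".join(parts[-n:])

def triage(raw, home_tlds=("uk", "com")):
    """Return (code, detail) findings; home_tlds is an assumed per-recipient setting."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    urls = URL_RE.findall(body)
    findings = []
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        if base_domain(host) != base_domain(sender_host):
            findings.append(("link-host-mismatch", f"{host} vs sender {sender_host}"))
        if host.rpartition(".")[2] not in home_tlds:
            findings.append(("unexpected-tld", host))
    if urls and DEBT_RE.search(body):
        findings.append(("payment-demand-with-link", DEBT_RE.search(body).group(0)))
    return findings

if __name__ == "__main__":
    for code, detail in triage(SAMPLE):
        print(code, "-", detail)
```

Findings like these are a reason to quarantine and report the message, not proof on their own; the sender address in such campaigns is typically a spoofed or compromised third party.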
    • ScorpiondeRooftrouser
    • By ScorpiondeRooftrouser 6th Apr 16, 1:18 PM
    • 2,106 Posts
    • 3,139 Thanks
    ScorpiondeRooftrouser
    Don't ever click on any link in any email out of curiosity. Only ever click on a link in an email if you know exactly where it is going and you actually want to go there. And even then check it.
    • SomeOne
    • By SomeOne 6th Apr 16, 3:35 PM
    • 142 Posts
    • 41 Thanks
    SomeOne
    This has also made it to BBC News:

    Phishing email that knows your address - http://www.bbc.co.uk/news/technology-35977227
    ---------
    SomeOne
    • JAG
    • By JAG 8th Apr 16, 8:13 PM
    • 1,232 Posts
    • 1,378 Thanks
    JAG
    I received a similar email and my postal address contained the same error that was only on an old eBay account.

    So they must be using data collected from one of the eBay security breaches.

    http://www.bbc.co.uk/news/technology-35996408
    • inflationbuster
    • By inflationbuster 9th Apr 16, 9:26 PM
    • 129 Posts
    • 29 Thanks
    inflationbuster
    I've just deleted my eBay account.
    • robatwork
    • By robatwork 10th Apr 16, 9:18 AM
    • 4,009 Posts
    • 4,353 Thanks
    robatwork
    I've just deleted my eBay account.
    Originally posted by inflationbuster
    You should move house, just to make sure.
    • soolin
    • By soolin 10th Apr 16, 9:20 AM
    • 59,593 Posts
    • 42,287 Thanks
    soolin
    I've just deleted my eBay account.
    Originally posted by inflationbuster
    That's fine, do whatever you feel is important.

    Not sure how an historical leak is going to be prevented by no longer having the account though, and ultimately the same rules apply: don't click on strange links. If you are nervous online or think that perhaps you might fall for a phishing mail or malware then go onto the tech board and ask them to recommend a really strong anti virus programme that will weed out anything nasty before you even see it. If you have clicked on anything then the tech board is still the best place to go for advice.
    I'm the Board Guide for the Ebay Board , Charities Board , Dosh & Disability , Up Your Income and the Local MoneySaving-England board which means I volunteer to help get your forum questions answered and keep the forum running smoothly. However, do remember, board guides don't read every post. If you spot an illegal or inappropriate post then please report it to forumteam@moneysavingexpert.com (it's not part of my role to deal with this). Any views are mine and not the official line of MoneySavingExpert.com
    • forgotmyname
    • By forgotmyname 10th Apr 16, 11:46 AM
    • 26,230 Posts
    • 10,469 Thanks
    forgotmyname
    I've just deleted my eBay account.
    Originally posted by inflationbuster
    You need to delete your email account and your name and address.

    Still not got one. Although my address is the same on eBay, my name won't be.

    I use a different variation on eBay and PayPal. So if it was an old email linked to both then I will know which one.

    I have used different email addresses for eBay and PayPal for a while now, so looking forward to my spam.
    Punctuation, Spelling and Grammar will be used sparingly. Due to rising costs of inflation.

    My contribution to MSE. Other contributions will only be used if they cost me nothing.

    Due to me being a tight git.
    • dealer wins
    • By dealer wins 11th Apr 16, 11:44 PM
    • 5,597 Posts
    • 10,514 Thanks
    dealer wins
    Rather than deleting anything, don't pay email demands for money that you have no idea about and know you don't owe?
    All replies are super fluffy and nice, and newbies are so lovely and welcome. PPR never again!
    • mr_fishbulb
    • By mr_fishbulb 12th Apr 16, 10:01 AM
    • 5,056 Posts
    • 2,813 Thanks
    mr_fishbulb
    Rather than deleting anything, don't pay email demands for money that you have no idea about and know you don't owe?
    Originally posted by dealer wins
    This particular email campaign isn't about getting someone to pay that debt. It's currently being used to spread a piece of crypto ransomware called Maktub.

    If you click on the link in the email, it will attempt to download a dropper to your machine which will then grab a variant of Maktub (which has been slightly changed so your antivirus software won't detect it). This will start encrypting all your files and when it is finished, it will demand payment to decrypt them.

    The demand for payment in the email is just a ruse to get the victim to click on the link.