
Phishing scammers get a bit more sophisticated

On Tuesday 5th April, I was going through spam on my private email account checking for any emails that may have been accidentally flagged as spam.

I have set up email forwarding from a website that I own and whenever I put my details into a web form, I normally use an alias for that website that forwards emails to my private email address. This helps to track the source of spam/junk emails i.e. who has sold my private info/been hacked. So, for example, if I was to book a hotel on, I would sign up with the email address of lastminute@[KinvigsOtherWebsite].com. When send a confirmation email to [KinvigsOtherWebsite].com, the server forwards it to my private email account.

The majority of emails in my spam folder were clearly junk as the subject text didn't match what I would expect. For example, the O2 mobile phone network wouldn't really send me an email to, "Get the best deal on a new boiler" or to, "Get a job as a teaching assistant", but that's some of the spam I receive to an email address I set up when I signed an O2 contract.

However, there was one email that caught my eye for the stupidest of reasons - the sender's last name was the same name as my cat. Curiosity got the better of me so I opened the email. It purported to be from someone acting on behalf of a company that apparently I owed over £1000 to, and contained a link to click for more information.

Two things stood out to me from the email. Firstly, it went direct to my private email account and hadn't been forwarded by [KinvigsOtherWebsite].com. Secondly, it contained my full home postal address. Normally, if I am required to put my postal address into an online form, I use lower case letters only (I'm a smart ass and I like to see if other online systems bother to change the words and capitalise appropriately - the majority don't).

I am very particular about who I give my private email address to - my bank, building society and PayPal have it on their systems and maybe one or two others, but, for example, my mobile phone provider, broadband provider, Amazon and eBay all have a unique forwarded alias.
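The per-site alias scheme described above can be checked mechanically. The following Python sketch is an added example, not code from the original article: the forwarding domain `aliases.example`, the private address, the alias-to-sender table and the three sample messages are all constructed for illustration, and it assumes the forwarding server leaves the original `To` header intact.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ALIAS_DOMAIN = "aliases.example"        # assumption: stands in for the forwarding domain
PRIVATE_ADDRESS = "me@private.example"  # assumption: the rarely shared private mailbox
# Alias local part -> sender domains expected to write to it (constructed values).
EXPECTED_SENDERS = {"lastminute": {"booking.example"}, "o2": {"mobile.example"}}

def classify(raw):
    """Return (verdict, alias) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    # The From header is unauthenticated, so a match means "consistent", not "genuine".
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = [addr.lower() for _, addr in getaddresses(headers)]
    for addr in recipients:
        local, _, domain = addr.rpartition("@")
        if domain != ALIAS_DOMAIN:
            continue
        expected = EXPECTED_SENDERS.get(local)
        if expected is None:
            return ("unknown-alias", local)
        if any(sender_domain == d or sender_domain.endswith("." + d) for d in expected):
            return ("expected", local)
        # Someone other than the site the alias was given to is using it:
        # that site sold, shared or lost the address.
        return ("alias-leaked", local)
    if PRIVATE_ADDRESS in recipients:
        # Bypassed the aliases entirely: the source is one of the few
        # parties that hold the private address.
        return ("direct-to-private", None)
    return ("unaddressed", None)

# Constructed sample messages, one per case.
SAMPLES = {
    "confirmation": "From: Bookings <noreply@mail.booking.example>\n"
                    "To: lastminute@aliases.example\nSubject: Your booking\n\n",
    "boiler": "From: deals@boilers.example\nTo: o2@aliases.example\n"
              "Subject: Get the best deal on a new boiler\n\n",
    "invoice": "From: Sean <sean@sender.example>\nTo: me@private.example\n"
               "Subject: Overdue invoice\n\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

A `direct-to-private` verdict on an unsolicited message narrows the possible source to the short list of parties that were given the private address.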

So, the email, which was in grammatically correct English, went to an email address I rarely give out, and included my home address, neatly typed out. It would seem that someone has been hacked (and no, I don't have any offshore accounts) and is keeping pretty quiet about it.

The slightly censored email text is as follows:

"Dear Dirk Kinvig,

Regarding the amount due [amount removed] GBP, we act on behalf of Henry Lewis & Son Ltd in order to collect the outstanding account value of your debt.

We would like to remind you that the amount above was due for payment on 24.03.16 but as no payment has been received, your invoice is now considered as overdue. Please find a printable version of your invoice at the following link:
[Link removed]

Original invoice will be sent out to:
Dirk Kinvig
[address line 1 removed]
[city removed], [county removed] [post code removed]

In order to avoid further costs, please forward the payment to us and transfer the amount due not later than 14.04.16

Best regards,
Sean [cat's name removed]"

Henry Lewis & Son Ltd is a Yorkshire-based outfit that seems to have stopped trading; I've never used them. The email contained a link to a web site hosted on servers in France. I didn't click the link but I wouldn't be surprised if the link contained malware that locks the recipient's computer out for a ransom in bitcoin. I helped out a colleague last month who'd been held to ransom in a similar scam. In that instance, I traced the scammers' bitcoin address on the blockchain and discovered over $100000 BTC had been deposited there.

With regards to my spam email, the sender's email address purported to be from an Italian domain purporting to act on behalf of an email at a UK-based charity. If you're tech-savvy and probe around, it becomes apparent that this email is a phishing attempt as there are many little giveaways, but many people have been fooled into clicking such links in a bid to obtain more information.

The rule of thumb should be to never click on links in unsolicited emails.



Comments: (1)

A Finextra member 08 April, 2016, 16:06

Update: According to an article on the BBC, it's been theorised that the scammers could have obtained the personal information of people from eBay. I've just checked and contrary to what I'd originally written eBay does hold my private email address. Has there been a data breach at eBay?
