The phishing email is sent from a “law-abiding citizen” who claims to have accidentally received the email recipient’s personal details in a document which the fraudster attaches to the email.
The fraudster suggests that the email recipient’s details may have been made available to scammers and they are contacting them to try to rectify the problem. To do so the recipient must open the document.
In reality, the attached document opens the door to malware being downloaded onto the victim’s computer. The malware attempts to obtain sensitive data from victims, such as banking credentials and passwords; which is subsequently used to take money from the victim.
Action Fraud - the UK’s national reporting centre for fraud and cybercrime - has said it received 226 reports of the email in just three days.
As well as up-to-date virus protection they offer the following advice In order to protect yourself from malware.
Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.
Do not enable macros in downloads, enabling the macro will allow the Trojan/malware to be installed onto your device
Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to isn’t left connected to your computer as any malware infection could spread to that too.
If you think your bank details have been compromised, you should immediately contact your bank.
Detective Chief Inspector, Andy Fyfe of City of London Police, said: “The sheer number of reports that we have received over the past three days is concerning and reports continue to be made.
“We are warning the public to be vigilant and not click on links or attachments from unknown recipients or in unsolicited emails.”