Recent billing emails claiming to be from UK Fuels Ltd are bogus and pose a security risk.
Today (11 December 2014), bogus emails from email@example.com have been sent to random customers and contacts claiming to be from UK Fuels Ltd. Based on these spam emails we have been made aware of, the subject line is ‘UK Fuels E-Bill’. Recipients are asked in this bogus email to open the attachment, which is a Microsoft Office Word document and also to direct any enquiries to the email address provided.
These emails have not originated from UK Fuels Ltd or ebillinvoice.com and are forgeries. We are taking all the necessary steps to identify the source of these malicious phishing emails.
Please do not open the attachment, reply to the email, forward it to any other contacts or disclose any personal or payment information in response to the email.
You should always be suspicious of unsolicited emails, even if they appear to be from a trusted source. If you have any doubt that an email you receive from UK Fuels Ltd is genuine, please take care.
Why has this happened?
We understand that this problem has occurred as a result of spear phishing. According to the StaySafeOnline website, these are “highly specialised attacks against a specific target or small group of targets to collect information or gain access to systems.
For example, a cybercriminal may launch a spear phishing attack against a business to gain credentials to access a list of customers. From that attack, they may launch a phishing attack against the customers of the business. Since they have gained access to the network, the email they send may look even more authentic and because the recipient is already customer of the business, the email may more easily make it through filters and the recipient maybe more likely to open the email.
The cybercriminal can use even more devious social engineering efforts such as indicating there is an important technical update or new lower pricing to lure people.”