Fake email alerts from Companies House and HMRC have become increasingly sophisticated. There was a time when it was relatively easy to spot a fake email alert but even accountants have been caught out by recent fake email alerts. And it isn’t just Companies House and HMRC. Be careful of emails from banks, other institutions, postal services, voicemail services and even Skype. Previously harmful emails have tried to direct you to a fake website to steal your personal details but these recent emails have attachments which could harm your computer.
What to look for
These fake email alertss have an attachment which appears to support details in the email message. For example, it could claim to be a customer complaint from Companies House, a missed delivery or a bank transaction. The email address could give you a clue that it is a fake email alert but many now look like they have come from a genuine email address. Some fake emails have footers which have been obviously copied from another email. If you are not expecting an email from the sender, think twice before opening any attachments, particularly .zip files.
These emails are all trying to get you to do one thing: open the attachment. The attachment invariably contains malware or a virus and will either damage your computer, steal your details or even demand a ransom (see an article from the National Crime Agency on Cryptolocker).
The National Crime Agency provides this advice:
This is a case where prevention is better than cure.
- The public should be aware not to click on any such attachment.
- Antivirus software should be updated, as should operating systems.
- User created files should be backed up routinely and preserved off the network.
- Where a computer becomes infected it should be disconnected from the network, and professional assistance should be sought to clean the computer.
- Various antivirus companies offer remedial software solutions (though they will not restore encrypted files).
Example of fake emails
Follow the links for some examples of fake emails: