Spammers Trick Users into Opening Malicious Email ‘From’ UK Cops

Written by

British law enforcers are warning internet users to delete an email which appears to have been sent from Lancashire Constabulary.

The force said in an update on Wednesday that the spam purports to come from “Lyn Whitehead” and asks the recipient to pay an invoice attached to the mail.

Lancashire Constabulary explained the following:

“If you have opened the attachment and ‘enabled macros’ it is very likely that all your personal data will have been breached. You MUST change all your passwords for personal accounts, including your bank accounts.

This email has NOT BEEN sent from Lancashire Constabulary. A third party supplier to the Constabulary has had their data breached, as a result of the breach this Lancashire Constabulary email address has been spoofed and used to generate spam to recipients far and wide.”

The police force said it was trying to determine the source of the original attack on the unnamed third party supplier, and reassured the public that its own systems had “not been breached or compromised in any way.”

Richard Beck, head of cybersecurity at training firm QA, argued that cyber-criminals are always looking for new ways to steal valuable data.

“In fact, more than 317 million new pieces of malware were created in 2014 alone. In this case, the cyber-criminals are attempting to trick the recipient into opening the attached Word document, which is booby-trapped with malware,” he added.

“In many reported phishing incidents, the actions of users—either intentional or accidental—led to a security breach. Educating users can help detect, deter and defend against the cyber-threats that every business and individual faces.”

The ability of the police to respond to such incidents varies greatly from region to region in England and Wales, according to techUK.

The industry group claimed in a report issued yesterday that closer co-operation is needed with the cybersecurity industry to raise standards.

One potential answer is to establish a Managed Service Provider (MSP) model where police contract cyber skills as and when they are needed, the report suggested.

What’s hot on Infosecurity Magazine?