Fraudsters are sending a high volume of ‘phishing’ emails to personal and business email addresses. The emails purport to come from ‘donotreply’ followed by a name similar to a recognised security or policy address, for example: ‘donotreply@city-of-london.pnn.police.uk’. The subject line is currently a series of random numbers and letters: ‘RNP0024D5D73B3A’ and ‘KMBT_C220’ have both been seen.
The emails include an attachment – a .zip file, usually with the current date followed by random digits in the file name. These attachments contain a password-stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or web log-in credentials. Many of them are also designed to steal your Facebook and other social network log-in details. A very high proportion also contain ‘Locky’ ransomware that, once downloaded, will encrypt files and demand money (typically about £350) to recover them.
Protection/Prevention Advice
Having up-to-date virus protection is essential; however, it will not always prevent your system from becoming infected. Please also consider the following actions:
- Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can create an email address to look like one used by someone you trust. If you are unsure, check the email header to identify the true source before you open any attachment or click on any links.
- Always install software updates as soon as they become available; updates often include fixes for critical security vulnerabilities.
- Create regular back-ups of your important files. It’s important that the device you back up to is not left connected to your computer as any malware infection could spread to that too.
- Don't pay extortion demands – there is no guarantee that access to your files will be restored if you do pay.
- If you think your bank details have been compromised, contact your bank immediately.
- If you have been affected by this, or any other scam, report it to Action Fraud by calling 0300 123 2040 or by visiting Action Fraud's website.
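
The header check recommended in the first point above can be scripted for a message saved as raw text. The following is an added example, not part of the original alert: the function names are hypothetical, and the sample message is constructed (its relay domain, recipient server and attachment name are made up; only the sender address and subject come from the alert).

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample: relay domain, recipient server and attachment name are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net
From: donotreply@city-of-london.pnn.police.uk
Subject: RNP0024D5D73B3A
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

See attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="20240101_48213.zip"

(placeholder, not a real archive)
--b1--
"""

def domain_of(header_value):
    """Domain part of the address in a header value, lower-cased ('' if none)."""
    addr = parseaddr(str(header_value))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw):
    """Return reasons to distrust the message; an empty list means none were found."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg.get("From", ""))
    path_dom = domain_of(msg.get("Return-Path", ""))
    findings = []
    # From is free text chosen by the sender; Return-Path is the envelope sender
    # recorded at delivery. A mismatch is a reason to look closer, not proof.
    if from_dom and path_dom and from_dom != path_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {path_dom}")
    # Authentication-Results is added by the receiving mail server (RFC 8601).
    for result in msg.get_all("Authentication-Results", []):
        for check in ("spf", "dkim", "dmarc"):
            if f"{check}=fail" in str(result).lower():
                findings.append(f"{check} failed")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            findings.append(f"zip attachment {name}")
    return findings
```

Calling `triage(SAMPLE)` returns three findings for the constructed message; the script only reads headers and attachment names and never opens the attachment.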