A spate of fake debt recovery emails has continued to cause headaches for those small companies whose email addresses have been ‘spoofed’.
This is the process by which a real person’s name and email address appears in the ‘Reply To’ field, but is not actually the individual who sent the email.
It does not require the person’s email to be hacked – anyone can theoretically specify any reply name and address – although most present-day internet service providers and email providers require you to prove you are the holder of the account.
However, in this instance the spammers have been able to send vast quantities of emails, purporting to be debt recovery threats from small British firms.
In return, those firms have been left to handle the fallout from large numbers of enquiries from people who have received the email.
One, The Furniture Market, took to Twitter to warn all recipients of the email against opening any attachments that came along with it.
“There have been a series of fraudulent emails sent out claiming to be from us, however they are not,” the firm tweeted.
“If you receive any emails claiming to be from us with a reference number R12003585 please ignore and delete. Many thanks.”
Later, they added: “Apologies if you have been trying to contact us this evening but as you can imagine our phone has been very busy.”
The incident is just one of many in a recent series of spoof debt recovery spam attacks sent out in large quantities, and with malicious attachments linked to the emails.
It appears to depend on the recipient opening the attachment and having a relatively old version of Adobe Reader installed, which may be more vulnerable to the exploit than newer updates.
However, for businesses it is an inconvenience in terms of raising the risk of legitimate debt recovery emails being ignored – increasing the need to keep on top of invoicing and to pursue debt recovery through other methods of communication until this threat subsides.