When we came into our office on Thursday 18th December the phone was unusually busy – in fact, it was ringing off the hook. People had received an email, seemingly from AquAid, stating that we had taken a card payment from them. Attached to the email was supposedly their receipt.
As we had not taken any payments we quickly realised something was wrong. Very wrong. Someone had copied our email layout and were sending emails to people around the world. Anyone who received the email and opened the attachment became unwilling contributors to our phone-rush, in that their computers started sending the same email to people within their address book.
Between 18th December and the Christmas break we had 8 people engaged full time in answering phone calls from people either asking us if we indeed had taken a payment, or just wanting to tell us they had received what they thought was a spam email, in case we weren’t already aware (probably the only time in my life I have wished people were less friendly). The calls have come from far and wide – USA, Canada, United Arab Emirates, Germany and Australia are just some of the places where the email has made it to.
There was a mobile telephone number on the email, alongside our landline number, which since the 18thDecember has received 11,000 missed calls – we apologise to anyone who has not had a return phone call, but I hope you understand we simply do not have the manpower to do so. My best estimate is that we have answered more than 7,500 calls relating to this email issue.
The emails are apparently being sent with a view to mine data. Anyone who opens the attachment will, over and above becoming a sender of the email themselves, have their computer scanned for anything that looks like passwords or account numbers. This will then be sent to the fraudsters who will try to use it for monetary reward.
I hope that none of you opened the email attachment or ever become victims of this type of attack. Our crash course in email spam has made us realise there is little a business can do to avoid this happening over and above sensible IT security. If people can hack into NASA, Ministry of Defence or Sony, there is little a relatively small business can do.
Sincere Regards,
Peter Hansen
