Thousands of business email users in the United Kingdom were made the subject of a phishing attack, after receiving an email about tickets they supposedly booked for a Christmas-time Peter Pan theater production in Bournemouth.
Hackers purportedly from Eastern Europe are said to be behind the attack in an attempt to break into businesses' security barriers and infiltrate their electronic networks. Phishing scams are not uncommon, with most of them involving emails claiming to come from financial institutions, but many of the victims have reported that this email, which purports to come from lifestyle, events and ticketing service BH Live, gave off an authentic feel.
The email claims to be an invoice for nine tickets to a 7 P.M. Peter Pan show at the Bournemouth Pavilion on Dec. 23, with three tickets booked for adults and six for children. It also states that the tickets, which supposedly cost £145 all in all, were purchased by a MasterCard credit card with the last four digits of 7006. Attached to the email is a .zip file that the sender claims to contain the nine e-tickets to be printed out for the event.
This .zip file, however, contains malicious software that, when opened, steals user information, including passwords for their online accounts, and attacks other Internet users via websites that the infected user visits. This could lead to some users having their Internet connection service cut off if their computers are proven to be spreading the malware through the Internet.
Indeed, BH Live has a Peter Pan production at the Bournemouth Pavilion from Dec. 6 to Jan. 4, but the company says it has not sent out any emails containing invoices for tickets for the production.
"BH Live's Information Security teams together with information technology professionals and suppliers have investigated the matter and confirm that its internal systems have not been breached and that the emails were sent from known SPAM IP addresses," says BH Live in a statement. "The emails are not genuine and do not originate from BH Live."
Security experts have identified the SPAM IP addresses as coming from the National Academy of Sciences in Belarus with servers found in France. Systems analyst Andrew Conway of Cloudmark Internet Security warns the public should watch out for a deluge of cyber-attacks coming from former Iron Curtain countries, where they have "a great educational system, turning out a lot of smart people who know all about computers, but not that many employment opportunities."
"They don't have the high-tech sector," says Conway. "A lot of these people are turning to computer crime because that's just a way to use their expertise."
Users, meanwhile, are encouraged to delete any emails claiming to be from BH Live, especially if they are not expecting one at all. They should also refrain from downloading and opening any attachments from suspicious emails and ensure that they have up-to-date security systems.