Security and risk Online: Warning about phishing malware



Warning about phishing malware email claiming to be about donation to Migrant Helpline charity

Staffordshire residents are being warned to watch out for a new internet scam aimed at stealing personal banking details.

Police in the county have shared an appeal, from the National Fraud Intelligence Bureau, advising people not to open emails claiming to be from the charity Migrant Helpline.

A link in the email, which thanks the recipient for making a donation of just under £200 to the charity, downloads phishing malware onto the victim's device.

Although Migrant Helpline is a genuine charity, police say fraudsters are using it to trick members of the public into becoming victims of this fraud – and emphasize the fraud is in no way related to the real charity.

Read More: Urgent food recall of frozen fish and chicken from Home Bargains

Here is what you need to know.

What email address does the scam email come from?

The email address sending the majority of emails is [email protected], however multiple email addresses have been seen.

What does the e-mail say?

The subject line currently is 'Thank you for choosing to donate to Migrant helpline' – although this is understood to change.

The person who receives the email will see their name and telephone number in the second paragraph – police say these tend to be the correct details for whoever has received the, seemingly targeted, message.

The body of the message reads: "Thanks again for donating We're sending it straight to Migrant Helpline so you'll be making a difference very soon.

"Your donation details: First name: **** Last name: **** Tel. ********* Amount: £196 Donation Reference: 09493495

"If you have any questions about your donation, please follow this link and download Your (Donation Reference 09493495), with the transaction details listed above.

"With your help, YeshivaDonations can continue to work in Syria and neighbouring countries to deliver clean water and life-saving supplies to millions of people.

"Your generosity is bringing much-needed assistance to families who have lost everything as a result of the crisis in Syria. Warm regards, YeshivaDonation."

So, how does the scam work?

As well as the above text, the email also contains a link which, once clicked, downloads malware onto the victim's device.

This malware is equipped to target and steal corporate banking details – and even the most up-to-date virus protection is sometimes not enough to prevent your device being infected according to the National Fraud Intelligence Bureau.

What can I do if I think my financial information has been stolen?

If you think your bank details have been compromised, you should contact your bank immediately.

Victims of this fraud, or similar schemes, should contact Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.

What actions can I take to avoid becoming a victim?

The National Fraud Intelligence Bureau has the following advice to avoid becoming a victim.

·        Don't click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can 'spoof' an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.

·        Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.

·        Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It's important that the device you back up to is not left connected to your computer as any malware infection could spread to that as well.