bad news
Bad news for my favorite, nearest and most trusted hardware suppliers. They will still be my first port of call the next time I want to upgrade.
Bradford-based reseller CCL Computers is investigating the origins of a fake dispatch email containing a virus that was today sent by a third party to at least a thousand of the firm's customers. The tracking details on the standard template were legitimate, say sources who received the mail, as they pointed to a genuine …
When I read the story my first thought was "how do they know it only went to CCL customers?" and my second thought was "if it only went to CCL customers there must have been a data breach."
Well since it clearly didn't go only to CCL customers there was no data breach.
The author needs to do a little fact checking before submitting copy.
The quick analysis that I did in a virtual sandbox on OS X showed that my viral email from CCL appeared to come from an infected virginmedia.net consumer, i.e. botnet, and the origin IP was listed as suspect on Spamhaus.
As I've never bought anything from Bradford I wildly guessed it was the tailored access operation boffins in Cheltenham up to their well-paid tricks again! After all, don't they control quite a few of the available botnets?
I have an email rule just to move anything not caught by my Spam filter, and with specific attachment types (especially zip files), to my Trash folder, because 99.9% of them are fakes and exploits, but not to delete them straight away, so that I don't lose a rare valid email.
Just a quick read of the Header details of these emails shows some quite pathetic give-aways, and the email body is often even more obvious!
It's not a case of "customers being blind"; some have reported that the tracking number is a legitimate one, and that some of the purchase order numbering details in the email match those that certain people use. Like the article says, "It is not clear how the fraudsters got customer details from CCL's database".
Yes, I get fake Amazon and Asda ones daily, which I delete without a second thought. What I don't want to see is my actual order numbers and tracking details being circulated in this way; it points less to being a random spoofing and more to their database being hacked and my details exposed.
"Like the article says "It is not clear how the fraudsters got customer details from CCL's database"."
Except if you read further up it isn't just CCL customers who received the email so the spammers didn't get customer details from CCL's database. What they actually did was get hold of a genuine dispatch note and spam lots of people with their scam.
I frequently get scam emails purporting to be from companies (often banks) with whom I have never dealt. It's not an uncommon tactic. Using legitimate-looking dispatch note details is not something I've specifically come across before, but it's not a massive leap and would not require any breach of security in CCL's customer database.