Issue 162 - September, 2013 (2nd Edition) - Page 11
Land Registry Debit Notification Malware Emails
Emails purporting to be from the UK's Land Registry claim that fees will be debited from the recipient's account in the coming days. The messages claim that users can access details about the fees to be debited by opening an attached file.
© Depositphotos.com/ MyVector
The emails are not from the Land Registry. In fact, the attachment contains malware. The fee amounts specified in the emails may vary. If you receive one of these emails, do not open any attachments or click any links that it contains.
Notification Date: 2/09/2013
Notification Number: 138418369
Mandate Number: 6626192
###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###
This is notification that Land Registry will debit 202.00 GBP from your nominated account on or as soon as possible before 10/09/2013.
Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.
You can access these by opening attached report.
If you have an enquiry relating to your VDD account please contact Customer Support at firstname.lastname@example.org or call on 0844 892 1111. For all enquiries, please quote your key number.
Land Registry is the definitive source of information for more than 23 million property titles in England and Wales. Since 1862 we have provided security and confidence in one of the most active property and mortgage markets in the world. We are working to support economic growth and data transparency as part of the Public Data Group. Find out more at www.landregistry.gov.uk
Since early August 2013, debit notification emails purporting to be from the UK's Land Registry have been hitting inboxes. The emails claim that a fee of around 200 pounds will be debited from the recipient's nominated bank account by a specified date. According to the messages, recipients can view details of the supposed fees by opening an attached file.
However, the emails are not from the Land Registry and the attachment does not contain fee details as claimed. Instead, the attachment contains a .zip file that in turn harbours a malicious .exe file.
If launched, this .exe file can install malware
on the victim's computer. Typically, such malware can relay personal information stolen from the infected computer back to a remote server, download and install more malware and allow criminals to access and control the compromised computer.
The specified fee amounts in the emails may vary. Versions I have seen so far list the fee variously as 202, 203 and 286 pounds. Other incarnations may specify different amounts. The date of the supposed debit transaction listed in the emails also varies as do details such as the "Notification Number" and "Mandate Number".
To make the claims seem more legitimate, the malware emails include legal terms, contact information and links that may be seen in genuine Land Registry messages.
The Land Registry has warned users about the bogus emails via the following notice
on its online support community:
Have you received an unexpected email from us relating to "Notification of Direct Debit Fees"?
Please delete the email. It is a spoof mail and does not originate from Land Registry, although it is made to look like it has (Land Registry Direct Debit emails do not have a zipped attachment).
If you have already opened any attachments or clicked on any links then please arrange for a virus scan to be run on your computer.
Guidance on dealing with suspect email can be found on our website here: http://www.landregistry.gov.uk/announ...
The criminals responsible for this campaign hope that at least a few recipients will be panicked into opening the attached file in the mistaken belief that an unexpected fee is about to be debited from their accounts.
Scammers commonly use fake billing notification emails to distribute malware. Some companies or departments may provide information to customers via an attached file such as a .pdf. However, any such attachment that contains a .exe file, either directly or hidden in a .zip file, should be treated with extreme caution.
Last updated: September 10, 2013
First published: September 10, 2013
By Brett M. Christensen
Pages in this issue:
- Unlucky Frog LADEE Rocket Launch Photograph
- Reshipping Fraud - Parcel Mule Scams
- 'Apple Account Frozen' Phishing Scam
- Warnings Claim Facebook Is Deleting Pet Profiles
- CASE NOW SOLVED - Message Asks For Help to Identify Man Killed By Train in Melbourne
- HM Revenue & Customs Refund of Overpayments Phishing Scam
- 'Special Education Week' and 'Autism and ADHD Awareness Month' Messages
- Apple iPhone 5c Giveaway Like-Farming Scam
- Fake Companies House Emails Contain Malware
- Mysterious Carved Tree Hoax
- Land Registry Debit Notification Malware Emails
- Jennifer's Story - Dating and Money Laundering Scam
- Obama Muslim Stamp - USPS Muslim Holiday Stamp Release Protest Message
- Pickup Truck Bus Crash Texting Warning Message
- No, Facebook Is NOT Removing Veteran Amputee Images
- 'Email Account Pending Deactivation' Phishing Scam
- NatWest 'Bonus Reward' Phishing Scam
- No, Radiation from Fukushima has NOT Killed Hundreds of Whales
- Google Support 'Message Blocked' Pharmacy Spam Email
- Russian Sleep Experiment Story
- Carnival Cruise Free Vacation Packages Survey Scam
- Angelina Jolie is Not Dead - Fake Death Message Points to Rogue App and Survey Scam
- Bogus LinkedIn Invites Open Drug Store Spam Sites
- Kitten Giveaway Scam
- Miley Cyrus is NOT Dead - Miley Cyrus Suicide Facebook Scam
- Bogus Warning - 'Russian Booksellers Looking For Children'
- Dave and Angela Dawes Advance Fee Lottery Scams
- Gang Initiation Warning Hoax - Infant Car Seat Left On Roadside
- Dueling Banjos Hoax
- Football Star Joe Montana is NOT Dead
- 'I Am Meth' Poem