Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider


Site Navigation



Land Registry Debit Notification Malware Emails

Outline
Emails purporting to be from the UK's Land Registry claim that fees will be debited from the recipient's account in the coming days. The messages claim that users can access details about the fees to be debited by opening an attached file.

Vector illustration of single virus pc icon

© Depositphotos.com/ MyVector



Brief Analysis
The emails are not from the Land Registry. In fact, the attachment contains malware. The fee amounts specified in the emails may vary. If you receive one of these emails, do not open any attachments or click any links that it contains.

Bookmark and Share
Example

Notification Date: 2/09/2013
Notification Number: 138418369

Mandate Number: 6626192

###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###

This is notification that Land Registry will debit 202.00 GBP from your nominated account on or as soon as possible before 10/09/2013.

Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.

You can access these by opening attached report.

If you have an enquiry relating to your VDD account please contact Customer Support at customersupport@landregistry.gsi.gov.uk or call on 0844 892 1111. For all enquiries, please quote your key number.

Thank you,

Land Registry

Land Registry is the definitive source of information for more than 23 million property titles in England and Wales. Since 1862 we have provided security and confidence in one of the most active property and mortgage markets in the world. We are working to support economic growth and data transparency as part of the Public Data Group. Find out more at www.landregistry.gov.uk


Detailed Analysis


Since early August 2013, debit notification emails purporting to be from the UK's Land Registry have been hitting inboxes. The emails claim that a fee of around 200 pounds will be debited from the recipient's nominated bank account by a specified date.  According to the messages, recipients can view details of the supposed fees by opening an attached file.

However, the emails are not from the Land Registry and the attachment does not contain fee details as claimed. Instead, the attachment contains a .zip file that in turn harbours a malicious .exe file.

If launched, this .exe file can install malware on the victim's computer. Typically, such malware can relay personal information stolen from the infected computer back to a remote server, download and install more malware and allow criminals to access and control the compromised computer.

The specified fee amounts in the emails may vary. Versions I have seen so far list the fee variously as 202, 203 and 286 pounds. Other incarnations may specify different amounts.   The date of the supposed debit transaction listed in the emails also varies as do details such as the "Notification Number" and "Mandate Number".

To make the claims seem more legitimate, the malware emails include legal terms, contact information and links that may be seen in genuine Land Registry messages.

The Land Registry has warned users about the bogus emails via the following notice on its online support community:

Have you received an unexpected email from us relating to "Notification of Direct Debit Fees"?

Please delete the email. It is a spoof mail and does not originate from Land Registry, although it is made to look like it has (Land Registry Direct Debit emails do not have a zipped attachment). 

If you have already opened any attachments or clicked on any links then please arrange for a virus scan to be run on your computer. 

Guidance on dealing with suspect email can be found on our website here: http://www.landregistry.gov.uk/announ...

The criminals responsible for this campaign hope that at least a few recipients will be panicked into opening the attached file in the mistaken belief that an unexpected fee is about to be debited from their accounts.

Scammers commonly use fake billing notification emails to distribute malware. Some companies or departments may provide information to customers via an attached file such as a .pdf. However, any such attachment that contains a .exe file, either directly or hidden in a .zip file, should be treated with extreme caution.

Bookmark and Share

Last updated: September 10, 2013
First published: September 10, 2013
By Brett M. Christensen
About Hoax-Slayer

References
Threat Outbreak Alert: Fake Land Registration Fee Collection Notification Email Messages on August 20, 2013
Have you received an unexpected email from us relating to 'Notification of Direct Debit Fees'?
Email security advice - Unsolicited / phishing emails
Bogus Telstra 'Email Bill' Carries Malware