Staffordshire Police are alerting residents and businesses to bogus phishing emails that are being sent out purporting to be from The Metropolitan police.
The email sender is potentially spoofing a Metropolitan Police email address, showing the sender as ‘firstname.lastname@example.org’. The email contains the text:
“TO THE GENERAL PUBLIC;
See attached document to read more about crime prevention advice.
Metropolitan Police Service.”
The email includes an attachment titled ‘11212527.zip.’.
DO NOT OPEN THIS ATTACHMENT – it contains malicious content which downloads the iSPY key logger to the victim’s device. This key logger records keystrokes, steals passwords stored in web browsers and Skype conversation records, takes pictures via webcam and stores the license keys of software like Microsoft Office and Adobe Photoshop.
Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected.
Please consider the following actions:
DON’T click on links or open any attachments you receive in unsolicited emails or SMS messages. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication. THINK: Would the police, Inland Revenue, or council send you emails of this nature? If you are unsure, check with the organisation first.
Information on how to locate email headers can be found at https://mxtoolbox.com/Public/Content/EmailHeaders/
Always install software updates as soon as they become available. Whether you are updating the operating system or an application, the update will often include fixes for critical security vulnerabilities.
Most anti-virus software contains an ‘anti-spyware’ scan which may be able to detect key loggers. If your current software does not offer this function, consider installing software which does – both free and paid for anti-spyware is widely available.
Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to is not left connected to your computer as any malware infection could spread to that device as well.
If you think your bank details have been compromised, you should immediately contact your bank.
If you have been affected by this, or any other fraud, report it to Action Fraud by calling 0300 123 2040, or visiting www.actionfraud.police.uk.