Phishing Email That Knows Your Address

An anonymous reader writes: BBC is reporting about a new type of phishing email that includes the recipient's home address. The publication, citing sources, claims that thousands of people have already received such malicious emails. Clicking on the email apparently installs malware such as Cryptlocker ransomware on the recipient's computing device. From the report, "Members of the BBC Radio 4's You and Yours team were among those who received the scam emails, claiming they owed hundreds of pounds to UK firms. The firms involved have been inundated with phone calls from worried members of the public. 'The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address.'"

Oh, come on, now!

[kheldan]

Any truly important, official communication from a government agency, or from any company demaning payment of any sort, is going to send it in a printed letter, not an email.

Re:Oh, come on, now!

[gstoddart]

The problem is it takes only about a 1-2% success rate to make spam effective. Probably far far less when it's this targeted.

Say you're in an organization of 1000 people ... the security of your network is determined by the 10-20 most gullible people in your organization ... at least 5 of which will be in management. Think about the dumbest 1-2% of your organization, and think "dear god, are we really depending on them for our overall security?"

And, really, "effort" is a relative term when it's a computer doing all the heavy lifting. It's not like someone has to individually type all of those messages.

It clearly works, or it would have stopped on its won by now.