Lyn Whitehead Lancashire.pnn.police.uk Email Phishing / Virus / Hacking Threat

I just had an email from Lyn.Whitehead@lancashire.pnn.police.uk, delivering an invoice for payment. It is a Word doc, but I have not yet opened it. It is obviously a scam of some sort – and one that has not been picked up by Google (I use Gmail and they catch a lot of spam and phishing messages).

The email reads:

Hello

Please find attached an invoice that is now due for payment.

Regards

Lyn

Lyn Whitehead (10688)

Business Support Department – Headquarters

If you get an email like this, don’t open the attachment, don’t reply. Just delete it. If you open the email you are not at risk – it is only if you open the attachment that there may be a problem. It depends on the nature of the doc – whether virus or phishing. It appears (judging from all the comments) that many people are being targeted with this today – so don’t worry, it is not just you!

Sane Security have also picked this up – read about it here. Apparently, the attached document will auto run on Windows, and therefore infect your PC with something pretty nasty.

What is unclear is, how is somebody sending spam mail from a UK Police email address? I cannot dig deeper right now (on my lunch break!) so if anybody knows, feel free to comment below – update: lots of useful comments already, please do not post “me too” comments though!

54 Comments on “Lyn Whitehead Lancashire.pnn.police.uk Email Phishing / Virus / Hacking Threat”

  1. No, they haven’t actually hacked the account, they are spoofing the email address from an IP address linked to the Schoolnet nectec.or.th ISP in Thailand.

  2. I received exactly the same, I didn’t open it knowing it must be a phishing email etc. But I googled the email address to check it wasn’t an official email address of any sort, which it isn’t. Thank you for posting so that others are able to be informed.

  3. Received same and deleted it at once of course, but I too need to know how email can be sent from a seemingly “correct” address, particularly the Police. Is it really possible to “clone” any email address and if so, why can nothing be done about this?

  4. Greetings,

    The email is clearly a phishing email. As for the question of how… very easy. Almost anyone can do it from any remote SMTP server that they can get their hands on. Most general servers that are used for mass mailing have port 25 open with no authentication set up. Some more information on how to telnet a message from an SMTP server you can find here http://www.yuki-onna.co.uk/email/smtp.html. Using telnet can allow you to set up the source of the email without checking the validity of the source (the only check that is being made is any SPF/DKIM or rDNS from the receiving server). I am sorry if I did not explain it better, but from the link I provided, you can understand how it works and how anyone with basic Linux or any kind of programming history can do it.

  5. I’ve also just received the same email to my business address. I haven’t opened the attachment although it looked quite convincing! Glad I checked it out first so thanks for the heads up. J

  6. It’s a made up email address not from the police – look carefully at the email address since it’s missing the “CO” or “Gov”

  7. Same email came to my mail box at 12.01pm. Looks like a virus so didn’t open the attachment. Thanks for the post.

  8. I too have received this email today – no idea how it’s been sent from what is seemingly a genuine Police address. As I work for a company based in the South East, it’s unlikely we’d have any dealings with the Lancashire Police, so it smelled fishy to me straight away!

  9. I opened it on an Android phone. I actually live in Lancashire so thought it was from the police. Am I at risk? What should I do, reset my phone or something? I’m worried as hell now.

  10. I’ve just had the same, thought it was odd as I’ve only ever been caught speeding in Somerset so I googled it.
    Thanks for the info

  11. Received from 84.238.224.82 Bulgaria

    from hst-224-82.medicom.bg ([84.238.224.82]:25614 helo=Universal-PC)

  12. I just got the same thing – twice in the last two days. Thanks for confirming what I suspected.

    But my extensive experience of PNNs is that they always come by post!

    J

  13. Thank you for this. Interestingly the company I worked for got this same email within the last 20 minutes.

    Thanks again
    Scott

  14. I have also received this and it came straight through, with only a [SPAM] tag being added by AVG Internet Security (but at least it tagged it, which BT did not).

    Obviously, if you ever receive anything like this just delete it, but on the point about it coming from a “Police” email address, it might not have, as it is the easiest thing in the world to spoof an email address (just Google it to see what I mean).

  15. I’ve had one today too, exactly the same.
    I’ve deleted it.
    We have had no dealing with Lancashire Police.

  16. I too received it. To answer your question the ‘from’ field in email can be populated with anyone’s email address – provided you find an open relay email server willing to accept any email. Email unfortunately doesn’t check the veracity of email from headers including ‘from’.

  17. Email for me was sent via a Spanish ISP, timestamp shows timezone of CEST which supports that. The mailer looks to be outlook and via Sophos, though we know how easy it is to put that in an email.

    The file shouldn’t auto-open if you’ve office set to disable that, but maybe don’t risk it if unsure. The macros are the usual obfuscated windows targeted thing.

    The mail gets through because of a lack of SPF and other such stuff. Sending a fake email from a police account just looks too easy, certainly from Lanks police. I’ve reported it to them, suggest you do too.

  18. It’s not being sent from a PNN email address, it’s purely a spoofed sender so it appears like it has come from them. They have no connection with it and no control over someone sending it out.

    Almost certainly contains the Dridex malware/Trojan as many similar ones have over the last few weeks

  19. Just received 2 of these to 2 different accounts, knew it was a phishing attempt straight away, but thought I would check further, both mine came through a smtp gateway in Abu Dhabi checked through DNSstuff

  20. Happened to me too today. I’m surfing through the document now in unicode to see if there’s owt I can pick up like another forwarding email address

  21. I get 2 or three of these a week now purporting to come from different places, usually in the form of an invoice, but I have also had “medical” ones with my urgent test results.

    It appears for most of them that the person actually exists and works for the company “spoofed”. I have had invoices for lifts, cardboard boxes and all sorts of things.

    You need to stay alert! One day they may get me with a company that I might have had links with. Fortunately most of them have come to my personal address rather than my business one.

  22. Please can someone reassure me? I opened this email thinking it was from my local police force. I’m on Android, will it compromise my phone?

  23. Hi Wayne, based on what I read on the Sane Security website (see link in post above) it is likely it is only a Windows virus, so hopefully, nothing evil would have happened. But, I am not a security expert. Maybe run an AV on the phone to be sure.

  24. That’s good to hear. Hopefully all email providers will soon be sending all of these to spam / junk. If everybody hits the spam button, the message will soon be heard!

  25. V.Worried, it stated,”reply by E’mail” and delete. I did try opening and got a blank page. I deleted.
    R. Almond.

  26. Hi Phil, to clarify – was this after you opened the attachment, or did Sophos scan the incoming mail attachment and quarantine?

  27. I’ve just received one in junk mail as well, will now delete.
    My wife has just received one also, deleted.

  28. I have received this email today at 15:26. Luckily I did not click on the attachment. I checked the message source, this one originates from Turkey.

  29. Jack, run your AV. Ensure it is updated. By the sounds of it, Sophos already detects and destroys it.

  30. Yeah, I ran my antivirus and it came out clear, just wondering if anything could have happened due to the Word document downloading and opening?

  31. Just arrived with me. My conscience took me back to perhaps I had been speeding a little recently but realised it was a scam – not addressed to me personally or my car reg number. Will delete.

  32. I received this exact email in my junk folder. I accidentally clicked on the attachment from my iPhone but it was just a blank page and I instantly came out of it.
    Do you think this has affected my iPhone?

    Thank you,

  33. Impossible to say Natalie. We do not know if it is the same file that is being sent out. Sane Security said it was only for Windows, so most likely that your iPhone is not affected.

  34. I received this email, and made a formal complaint to Lancashire police, to get them to deal with it. They managed to avoid dealing with it by taking ten hours to log the complaint from 11am to 9pm, and then declaring it void because I did not confirm within 2 hours, i.e. by 11pm. The police must take responsibility for sorting such matters out because most law abiding people would feel obliged to open the attachment in case it was genuine.

  35. I also got this today and tried to open it but my Avast antivirus detected a problem so I checked out the email address and found that it was a malware scam. Ignore it and delete it.

  36. I received this email, it was in junk and I accidentally opened the attachment. The attachment was blank. Am very worried about this and should have paid more attention to the email address. I had been looking at my email on iPad. I have since deleted the email and reported it. What should I do next?

  37. Hi Bruce, in fairness, I don’t think there is much Lancashire Police can do about it. Their servers have not been used – the email is being faked. It could just as easily say it comes from any other organisation or business. ISPs, web hosts, Internet security firms, AV tools etc. are the main ways to prevent scams, hacking and phishing like this – we cannot blame the people who are being impersonated.

  38. I received this email today 26-10-15. As I deal with police a lot I wasn’t surprised to receive one from them, but after reading these comments I’ve deleted it without opening. Thanks guys for the heads up.
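
The header checks that comments 4, 16 and 17 refer to (SPF/DKIM results and the connecting relay compared with the From address), as an added Python example that is not part of the original post or its comments. The From address and the Received hop are the ones quoted on this page; the receiving host `mx.example.net`, the date and the Authentication-Results values are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: only the From address and the "from ... helo=" hop are
# taken from this page. mx.example.net, the date and the Authentication-Results
# verdicts are invented so the example runs offline.
SAMPLE = """\
Received: from hst-224-82.medicom.bg ([84.238.224.82]:25614 helo=Universal-PC)
\tby mx.example.net with esmtp; Mon, 26 Oct 2015 12:01:00 +0000
Authentication-Results: mx.example.net; spf=none
\tsmtp.mailfrom=lancashire.pnn.police.uk; dkim=none; dmarc=none
From: Lyn Whitehead <Lyn.Whitehead@lancashire.pnn.police.uk>
To: recipient@example.net
Subject: Invoice

Please find attached an invoice that is now due for payment.
"""

# Exim-style hop: "from <rDNS name> ([<ip>]:<port> helo=<name>)"
HOP = re.compile(r"from\s+(?P<rdns>\S+)\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)?"
                 r"(?:\s+helo=(?P<helo>[^)\s]+))?\)")

def analyze(raw):
    """Return the From domain, the connecting hop and a list of warning signs."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only the topmost Received header was written by the receiving server;
    # anything below it is supplied by the sender and can be forged.
    received = " ".join((msg.get_all("Received") or [""])[0].split())
    m = HOP.search(received)
    hop = m.groupdict() if m else {}
    auth = " ".join(msg.get("Authentication-Results", "").split())
    verdicts = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'missing')}")
    # Weak signal on its own (many senders use third-party relays), but
    # telling when combined with failed or absent authentication.
    rdns = (hop.get("rdns") or "").lower()
    if rdns and not (rdns == from_domain or rdns.endswith("." + from_domain)):
        findings.append(f"relay {rdns} is outside {from_domain}")
    helo = hop.get("helo") or ""
    if helo and "." not in helo:
        findings.append(f"HELO {helo!r} is not a fully qualified host name")
    return {"from_domain": from_domain, "hop": hop, "findings": findings}
```

Only trust an Authentication-Results header whose first token names your own receiving server; one carried in from outside proves nothing.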
