- Thousands of people have received a new type of phishing email that includes the recipient’s home address in the body of the message, the BBC reported Wednesday.
- The emails claim that the receivers owe money to various companies in the United Kingdom. Clicking on the email's included link also reportedly installs malware.
- One security researcher said it was likely that either a website or a retailer had its database stolen. The attack, he said, was similar to phishing attempts from groups in Eastern Europe and Russia.
Phishing schemes are growing increasingly sophisticated as cybercriminals use new tools and tactics to create authentic-looking emails.
"The email has good spelling and grammar and my exact home address...when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address,” said Shari Vahl, a recipient of one of the emails, to the BBC.
In December, anti-phishing company PhishMe said phishing emails pretending to be regular office communications are the most effective, with an average clickthrough rate of 22%.
While security companies continue to build products that can prevent these types of attacks in the workplace, education around email security must be a cornerstone for all enterprises.