Beware Of That Charity Email

A new phishing scam is impersonating the emails of a legitimate UK-based refugee nonprofit in order to steal banking information from unsuspecting victims. 

Cybercriminals have imitated an email from Migrant Help, a real nonprofit offering support to migrants from afflicted regions, by sending a phishing message with the subject line “Thank you for choosing to donate to Migrant helpline.”

Founded in 1963, Migrant Help also manages Asylum Help, a free service that offers independent advice to asylum seekers in the United Kingdom. “Our vision is for a global society that protects vulnerable migrants, treats them with respect and enables them to become successful members of their communities,” is listed as the organization’s goal online. 

The email scam contains a fake donation receipt, with the intended victim’s correct name listed alongside their correct phone number. A clickable reference number inviting email recipients to ask questions about their donation, which they likely would click on if they hadn’t in fact donated, leads to an online Word document that downloads the Ramnit banking Trojan malware developed to steal online banking credentials. 

Using real, identifiable information often accessed via previous data hacks is a tactic cybercriminals use to make phishing emails appear more authentic. It is currently unknown, however, how the phishers in this case accessed the information.

“Don’t click on links or open any attachments you receive in unsolicited emails or SMS messages,” advises Action Fraud, the UK’s cybercrime center online. “Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of communication.”

Action Fraud is requesting any phishing victims to report it by calling 0300 123 2040 or visiting www.actionfraud.police.uk

Next story loading loading..