B&D Digital Supplies Commercial Debt Recovery – fake PDF malware — 6 Comments

  1. I too got this email this morning. I was suspicious so I tried to get in touch with B&D Laptops who I supposedly owed nearly £4000 for computer equipment. All I could get was a message saying their website was unavailable as they had exceeded their bandwidth limit.
    I was now doubly suspicious and was relieved to see your article.
    Needless to say I did not open the link
    Thank you

  2. Strangely the company letterhead being used is for a supposed debt collector in Manchester

    http://www.cbsdebtenforcementagency.co.uk/contact.html

    They don’t give an address and only a mobile number for contact (make of that what you will!) and don’t appear to have any licenses to operate as a debt collector. If you look at the who.is info here

    http://who.is/domain-history/cbsdebtenforcementagency.co.uk

    it says the domain was registered in 2012 by “WRT Group” at this address

    Kirkgate House,
    Amy Johnson Way
    Blackpool Business Park
    Blackpool
    FY4 2RP

    Google WRT group and you can find some very interesting info on WRT Group PLC (Now Store Media PLC)
    http://www.name-n-shame.co.uk/wrt_group.html
    http://haveyoubeenconned.com/threads.php?id=24
    http://www.ukbusinessforums.co.uk/threads/store-media-administration-can-we-canel.308089/page-2

    Something fishy going on here maybe?

  3. I left the site down for a few days until things calmed down a bit. It was very strange; even Action Fraud police said they haven’t heard of this before when we reported it.

    Thousands of emails were sent out – NOT BY US. We don’t know how/where they were generated.

    Every email had a different from address, lots of varying company names,
    every price was different, every payment link was different,
    every name from was different.

    We had people acting in a *stupid manner*, making threats and abusing us before finding out if it was actually us sending them out.

    • Unfortunately, Barry, you have been the latest in a long line of innocent victims that have had their details used by various botnets to spread malware.
      Basically, the way it works is a genuine invoice or claims notice or similar has been found/intercepted/obtained somehow and the bots change details inside the template.
      In your case they used a debt recovery email and inserted what is almost your correct address & details.
      The bots marry up bits from different emails and templates and create a new version each time.
      It is so easy to spoof the senders because the majority of email servers don’t reject failed SPF records and return bounced emails to the address listed in the from email address, not the real sender.

      Until we have better email authentication methods these problems will continue to arise. And there is no cure for them.
      You just have to sit it out and wait for the storm to pass. Some small companies that work almost entirely via the internet have literally been brought to their knees and even forced to close completely when their details were spoofed, and dealing with the backscatter and backlash has proved so costly in time, money and reputation that closing completely was the only answer.
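
Added example, not part of the comments above: a minimal offline SPF check showing why a receiving server that accepts SPF-failing mail and bounces it later sends backscatter to the spoofed address, while one that rejects during the SMTP session does not. The function names, the record, the IP addresses and the mailbox are constructed for illustration; the bounce is modelled as going to the envelope sender, and only `ip4`, `ip6` and `all` mechanisms are evaluated.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); a bare mechanism defaults to "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF TXT record, left to right."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # no SPF policy published
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        # include/a/mx/redirect need DNS lookups and are skipped in this offline sketch
    return "neutral"  # nothing matched and no "all" term

def handle_message(record, client_ip, mail_from, reject_on_fail, deliverable):
    """Return (smtp_reply_code, bounce_recipient) for one inbound message."""
    result = spf_result(record, client_ip)
    if result == "fail" and reject_on_fail:
        # Refused during the SMTP session: the connecting host gets the error
        # and the receiver never generates a bounce.
        return 550, None
    if not deliverable:
        # Accepted first, bounced later: the bounce goes to the spoofed sender.
        return 250, mail_from
    return 250, None

# Constructed sample data (documentation ranges and reserved example domains).
RECORD = "v=spf1 ip4:192.0.2.0/24 -all"
BOT_IP = "198.51.100.23"        # not authorised by RECORD
SPOOFED = "accounts@spoofed-shop.example"

if __name__ == "__main__":
    for policy in (False, True):
        print(policy, handle_message(RECORD, BOT_IP, SPOOFED, policy, deliverable=False))
```

A record ending in `~all` yields `softfail` rather than `fail`, so in this model it is still accepted even by a receiver that rejects on `fail`.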

  4. Thank you for that reply, a little more understanding.
    The main storm passed, only just a few bits trickling in now it would seem. A few companies wrote letters, even though there were no reply details so I couldn’t let them know it was a scam; hopefully they would be aware it was somehow. This must be a huge headache for some, as I know it was a nightmare for us, all the phone calls and emails for a couple of days.
