Dealers hit by malware scam

Retailers have been warned of a new wave of malware attacks targeting KBB businesses.

The attacks come in the form of customer enquiries about installations.

Scammers email dealers a PDF file with details of proposed work, which turns out to be malware.

“It is spam with intent to be malicious,” explained Mark Banks, director at Firbanks IT, a computer support service. “It’s how malware attacks start spreading – some human intervention, earn some trust, load the file and set off potentially the next automated variant of Wannacry.

“Spammers open a dialogue and reference you to a link to a PDF that doesn’t work. It comes from a valid email address too so that you can converse with them. I’ve had other customers suggest, ‘come to the store and we can go through our deals’, and they usually reply, ‘everything you need to know is in the PDF’.”

One of the suspected malware emails
One of the suspected malware emails

KBB retailers to be targeted by the scam include Darren Taylor, managing director of Hampshire-based kitchen studio Searle & Taylor, and Nicholas McColgan, a designer at Newbury-based Snug Kitchens.

“I get a couple of emails like this a week,” said McColgan. “They’re very tailored and sometimes very sophisticated, but always smell of a scam. I wonder how many retailers have been caught out?”

Taylor commented: “This is a terrible scam that has been specifically aimed to rip off the KBB market by the scammer pretending to be an interested customer. The enquiry will come via your contact page on your website from a valid email address so that you can converse with them. However, the contact number that they sometimes leave never works. 

I thought that something was just not right by the tone of the email and the fact that every time I asked for their number it was ignored. Luckily, in our business we always meet face to face with our clients and it is unlikely that we will start producing drawings and quotations prior to a meeting.

“I hate to think how many keen KBB companies will get lured into this nasty scam and hope that we can spread the word to stamp it out before it gets really serious. Never try and download an ‘alleged PDF’.”
Another example
Another example

Banks also claimed that spam scanners wouldn’t mark the email as spam as the enquiry comes directly from the retailer’s website.

However, he explained that there are ways of identifying what is malware and what isn’t.

“If anyone is ever unsure, copy and paste the link to the PDF into a website called virustotal.com and it’ll usually say if it’s malicious,” he said.

“However, in this case the PDF is password protected so the virus scanners struggle to read the content. Normally, when you enter the password it then attempts to link to a malware website of some kind and that’s usually where the malware lies – not the attachment but where the attachment points to.”

Home > News > Dealers hit by malware scam