Consumers warned about "convincing" Debenhams phishing emails Posted by Damien Biddulph on Mon 8th Jan 2018
Police warning over phishing emails that convincingly mimic Debenhams' email receipts
Debenhams experienced a poor Christmas trading period, according to reports
Police have warned consumers over what they describe as a wave of convincing phishing emails that mimic e-receipts from retail chain Debenhams in order to compromise people's PCs.
The phishing emails are intended to persuade people to click on a link to check the details and status of their order, which then downloads the malicious payload.
The emails have been circulating since before Christmas. The company is aware of the scam after recipients contacted the company, while 55 people have contacted Action Fraud after receiving the scam emails.
While the emails copy a typical Debenhams email receipt - one sent to customers after they have purchased or ordered something in-store - they are easily given away by the fact that they come from a clearly non-Debenhams address.
Action Fraud described the phishing e-receipt email as "the most convincing phishing email we've seen"
It continued: "More than 55 information reports have been sent to our National Fraud Intelligence Bureau (NFIB). We would advise people to not click on any links, delete it and report it to us.
"Debenhams is aware it's a fake and have had customers contact them directly about it. Their e-receipts are issued to people when they make a purchase in store and this is a carbon copy.
"So these are not only unusual, but could catch some people off guard. The giveaway is the fact they were sent from personal email addresses."
Debenhams confirmed the scam to the Daily Mail: "We are aware of this and we continually take steps to protect customers and support the work that organisations such as Action Fraud and Cyber Aware conduct to encourage customers to be vigilant and aware of the steps they can take to stay cyber secure."
Phishing has continued to grow in recent years as the most effective way for cyber attackers to penetrate both organisations, and to compromise computer users' personal details.
Indeed, organisations rather than individuals are probably most at risk given the sums involved.