A Which? member’s wife’s email account was hacked and her details were used to send a very convincing phishing email containing a link to a copycat website to her contacts. Had the link been clicked on by the recipients, it could have asked for financial details or contained malware.
Member Giles Youngs told us:
‘My sister recently got an email that appeared to be from me, but in fact came from my wife’s email – she hadn’t noticed the unusual email address.
‘It contained a link that appears to direct you to Ancestry.co.uk, the family history website, and was advertising the opportunity to view the life story of our late aunt, mentioning her name in full.
‘I subscribe to Ancestry.co.uk, and my family tree is available to other members, although the identities of living people, such as my wife and sister, are kept anonymous. My sister forwarded me the email, asking if I had sent the correct link (as it led to a free trial offer).
‘I called and warned her that neither I, nor Ancestry.co.uk had sent that email.
‘I’ve informed my bank of this possible scam, but haven’t contacted anyone else yet.’
Our say on spoof emails
It appears that someone has hacked into your wife’s email account, discovered her personal details and used them to send a very convincing phishing email.
These emails often lead to copycat websites that ask for financial details and/or contain malware.
We advise running a virus scan on all computers that the link was opened on. Make sure that your wife changes the password on her email account and all other online accounts.
Check the email settings for mail forwarding, signatures, and out-of-office replies to ensure they’ve not been altered.
Finally, report this case to Action Fraud.
Have you come across a similar spoof email? What did you do about it?