Security experts are again reminding internet users not to open attachments or click links in unsolicited emails after a new phishing scam emerged using the unlikely lure of a production of Peter Pan at the Bournemouth Pavilion Theatre.
The alarm was raised by local ticketing firm BH Live, which said in an advisory on Monday that it had received a “high volume of calls from members of the public” concerning an email that had appeared in their inbox.
The email in question is spoofed to look like it’s been sent by BH Live and claims the user has successfully booked nine tickets to see Peter Pan at the Bournemouth Pavilion Theatre.
While the production is a genuine one, the attached zip-filed “tickets” are actually riddled with log-in-stealing malware.
Derek King at the MyOnlineSecurity site has a screenshot of the attachments in question.
He claimed they were sent out by the same zbot that spammed users with Cryptolocker and other ransomware.
BH Live had the following:
“BH Live's information security teams together with information technology professionals and suppliers have investigated the matter and confirm that its internal systems have not been breached and that the emails were sent from known spam IP addresses. The emails are not genuine and do not originate from BH Live. A number of precautionary measures have been taken to ensure data, systems and networks continue to be protected.”
The firm advised recipients to delete the email, not open the attachments, and ensure they have up-to-date security software and OS versions running on their machine.
“It is recommended that anyone receiving these emails update their passwords over the coming days,” it added.
Chris Boyd, malware intelligence analyst at Malwarebytes, argued that the lure for this scam is so unusual it may actually trick some users into opening the attachment.
“Avoid anything attached to emails in zipfiles, no matter how legitimate it may appear to be and contact the organization or event mentioned in the mail directly," he cautioned.