A highly convincing phishing email spoofed to appear as if sent from the UK’s TV Licensing authority has accrued thousands of complaints over the past three months.
Action Fraud warned back in October that the scam email was designed to steal a user’s personal and financial details.
“They will use headlines such as ‘correct your licensing information,’ ‘billing information updates’ and ‘renew now’ to trick people into clicking on the link within the email,” it said at the time.
“When a victim clicks on the link, they will be led to a convincing looking TV Licensing website. The website is designed to harvest as much personal and financial information as possible from the victim.”
The fraud prevention organization claimed it has now received over 5000 complaints about the phishing campaign over the past three months, according to reports.
The phishing site requests users fill in full payment details including account number, sort code and CV2 number, as well as name, address, phone number and more.
Stephen Cox, chief security architect at SecureAuth, argued that although low levels of security awareness are partly to blame, organizations must also play their part in addressing the phishing epidemic.
“There is a shared onus here, between the users maintaining a level of vigilance during their online activity, companies engaging in reasonable security to protect their users and sensitive data, and the security industry as a whole to continue to raise the bar in terms of innovation and user experience,” he added.
“Locking down accounts that have been actively or potentially compromised during a phishing attack can leave users feeling frustrated, unable to access their resources, and this can have a measurable impact on the business. Companies must understand the urgent need for stronger identity security practices, allowing them to increase the trust that their users are who they say they are.”
TV Licensing has issued a quick guide for users on how to tell if an email is genuine or not.