Phishing Email That Knows Your Address

Just stumbled across below in today’s news, so it’s not a dig at any particular startup (nobody holy pass!). And even more importantly, it shows that startups collecting details like name, email, address etc from their users (inc. myself), ought to be super careful and think of Security from day 1.

As a public service (or more like Radar service), below are highlight of this new phishing technique;

• A new type of phishing email that includes the recipient’s home address has been received by thousands of people, the BBC has learned.

• The email has good spelling and grammar and my exact home address…when I say exact I mean, not the way my address is written by those autofill sections on web pages, but the way I write my address

• Most likely it was a retailer or other internet site that had been hacked into and the database stolen, it then could have been sold or passed through several different people and then eventually it got to the person who sent out these emails

• He said that clicking on the link would install malware such as Cryptolocker, which is a form of ransomware that will encrypt files on Windows-based computers and then demand a fee to unlock them