About these scam emails
Companies House Email Virus refers to scam emails which claim to come from the Companies House, United Kingdom’s registrar of companies. This is just another spam campaign that uses the name of a known company/organization in order to spread malware. The British government is aware of the campaign, and has warned business owners after receiving reports, in efforts to prevent businesses from becoming victims. However, with how legitimate the email looks, it’s not unlikely that someone will fall for it. The spam email claims that a company complaint has been submitted to Companies House, and more information can be found in the file attached to the email. Obviously, the attachment is malware, and it only needs to be opened for it to start its malicious activity on the computer.
Because spammers use legitimate organization and company names, it can be difficult to differentiate between dangerous and safe emails. They can be professionally written, use the same email template as the company they are pretending to be from, and contain all the information that would usually be found in legitimate emails. This particular spam campaign uses the Companies House name and claims that a company complaint has been submitted to them. The receiver is asked to check the email attachment for more information. This campaign clearly targets companies rather than individual users, and might prioritize high-profile employees. Obviously, the attached file is malware and thus, it should not be opened. However, how can you know when you are dealing with a malicious email, such as Companies House Email Virus?
Subject: WebFiling Authentication Code
(This is a new company authentication code, we will also send you confirmation of this code by post.)
Please check attached document for Company Authentication Code, this code is also sent by post to the company’s registered office address, normally sent within *5 working days.
The Authentication Code is the electronic equivalent of a company officers signature.
To access WebFiling and submit data both a password and authentication code are required.
When you have both password and authentication code
1. Return to the WebFiling Welcome screen hxxps://ewf.companieshouse.gov.uk/ and select ‘CONTINUE’.
2. Enter your registered email address and password to sign in.
3. Enter the company number and Authentication Code to proceed.
An up-to-date list of documents that can be filed via this service can be found on the WebFiling Sign in screen.
All WebFiled documents are available to view / download for 10 days after their original submission by selecting ‘My Recent Filings’. However it is not possible to view copies of accounts that were downloaded as templates.
You can change or cancel your Company Authentication Code by selecting ‘Company Registration Details’.
If you submit information for more than one company you may choose to use the same code for all your companies, see HELP text for further information.
Note: reference to company may also include Limited Liability Partnership(s).
WebFiling Service Desk tel: +44 (0)303 1234 500 or email: firstname.lastname@example.org
Thank you for visiting the Companies House Website – hxxp://www.companieshouse.gov.uk
Note: This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.
How to spot a malicious email
Generally, there are certain signs you should look out for. First of all, look for grammar mistakes. While sophisticated spam emails will not have them, it’s still worth taking note of. Secondly, compare the structure of the email to a legitimate one you have from the company. See if the contacts provided at the bottom of the email match the company’s. The email address can be the most telling sign, however. Check the sender’s email address, and even if it looks real, see if it’s actually used by the company. If you cannot find any matches, you’re likely dealing with an elaborate spam email. The emails used in this campaign seem to be email@example.com and firstname.lastname@example.org, although there may be others. They appear to be quite real, but a quick Google search would prove otherwise. You should take into account how you are addressed. Since your name would be inserted into an email automatically if you have had business with the company or organization before, be careful of emails addressing you with general greetings like Dear Customer/User/Member. It’s usually a sign of spam. Lastly, use a malware scanner to check the attachment before opening it, and that will confirm everything you need to know.
What is the point of Companies House Email Virus?
It’s certainly not the first time that a goverment organization has been used in spam campaigns, and it certainly won’t be the last. After all, it’s a great way to phish someone or infect their computers with malware. And if you’re thinking that there is no chance you will fall for this, you need to think twice. Spam emails can be so sophisticated that even the most suspicious person would fall for them. Thus, everyone needs to be careful.
The letter will often claim that the recipient is required to “pay a fee to confirm their registration” and “lack of payment will result in lack of your company’s entry in regist.co.uk” with the requested payment usually around £200.
- New Companies Register
- Digital Companies Register
- National Register of Companies
- Economic Index for Europe
- Register of Companies and Businesses
- Scottish Commercial Register (publication of companies)
- Welsh Commercial Register
- e-public.co.uk Company Register
These kinds of emails usually either want to phish you or infect your computer with malware. In cases of phishing, crooks aim to get access to personal and business accounts of high-profile company employees. These kinds of emails usually contain links, which if clicked on would ask people to put in login details. For example, a CEO of a company gets an email with a link to a file supposedly hosted in Google Drive. He/she clicks on it and is asked to log into a bogus Google page. If they do, they would have provided crooks the necessary information to hijack an account. They could even trick people into giving away their two-factor-authentication codes.
In particular, look out for any of the following fake email stems:
When spam emails contain attached files, they’re usually trying to spread malware. It could be some kind of Trojan that would spy on the victim, collecting valuable information about the company or the victim. Or it might be ransomware that would encrypt essential files and then demand a payment to get them back. If a company has backup, ransomware may not do serious damage but it would still mean downtime while the system is cleaned and files are restored.