‘Peter Pan’ virus threatens hundreds of thousands of computers in the UK

The attack from an unidentified group of hackers involves a very convincing “confirmation” email purporting to be from a real ticketing company, BH Live.

When opened, the email tells people they have successfully bought nine tickets for £145 to see Peter Pan at the Bournemouth Pavilion Theatre this Christmas – a genuine production. But those who have clicked on the attached “e-tickets”, which appear to be PDF files, have actually downloaded a series of malware viruses to their computers.

Experts have warned that the scam is being targeted at individuals as well as small and medium businesses. Writing on the My Online Security blog, Derek Knight warned that the malware involved will almost certainly “have a password stealing component, with the aim of stealing your email or log in credentials”.

“Many of them are also designed to specifically steal your Facebook and other social network log in details,” he added.

The emails are thought to be part of one of the most sophisticated phishing scams security experts have seen in the UK.

They appear to come from what is the genuine BH Live email, all have separate random confirmation codes that correspond to the attached file, and some have even reported that the last four digits of the payment card “used” to buy the tickets actually match their own.

In a statement issued on the BH Live website, the company said it had started receiving a “high volume” of calls regarding the emails from 7.30am on Monday.

It confirmed that the emails are not genuine, adding that its own internal systems “have not been breached”.

BH Live warned: “The public is advised to delete these emails, to not open any attachments or links; ensure they are running the most up-to-date security products and that the operating system has been updated to the latest version.

“It is recommended that anyone receiving these emails update their passwords over the coming days.”

Matt Goode, a spokesperson for BH Live, said that “at least tens of thousands of email” have been sent, though the exact number is unknown and could be many more. He said the matter had been passed on to the police.

The following two tabs change content below.