Fake emails purporting to be from Ofcom Spectrum Licensing have been sent to lots of radio hams.
A number of Register readers have been in touch to say that they have received an email supposedly from the address firstname.lastname@example.org
The email reads:
The attached licensing document is malware.
Ofcom has responded directly to those who have posted on twitter that they have received the mail.
While Ofcom says that it is not aware of a data breach, the Radio Society of Great Britain (RSGB) says that the problem seems to be quite widespread and many of its members contacted them to ask about the message.
The RSGB told us that it’s waiting for more information from Ofcom, which it will post on its website.
In a post to his blog, Conrad Longmore says that the source of the email is likely to be Russia, with the attached Word document containing a malicious macro which then downloads malware executable from the South African-registered website naturallyconvenient.co.za (which appears to belong to a US-based manicurist firm, though there is no suggestion the company is aware of what is being done with their domain). The malware then phones home to a Russian IP address.
Longmore believes the malware to be the Dridex banking Trojan. This specifically targets accounts at a number of European banks.
An Ofcom spokesperson said: “Some people have received an email that appears to have come from Ofcom spectrum licensing. The email has not been sent by Ofcom – it is a hoax and should be treated as spam and deleted. We have not experienced a breach of our data or systems and we are investigating as a priority.”
The organisation posted a warning on its website, as well as confirming that its IT department is investigating the matter.
It’s not clear where the list of people who have a need to be in touch with Ofcom’s spectrum licensing came from, and while a targeted attack often works well, it would be hard to find a worse cohort to attack than the naturally tech-savvy UK radio amateur community. ®