October 24, 2019//-Who is William Wilke? That’s the question scores of Twitter users have been asking British supermarket Morrisons, after receiving an email for signing up to an online shopping account.
The email, seen by GlobalData’s Verdict.co.uk, is a legitimate automated welcome email from Morrisons. The supermarket chain told Verdict that “an unknown 3rd party” had “acquired” email addresses from the web to register the accounts.
Morrisons told Verdict it had deleted the fraudulently created accounts and confirmed that “there is no other associated information relating to it”, such as names, card details and addresses.
“There is no impact on you as the owner of the email address used, and you do not need to take any further action,” Morrisons added.
GlobalData’s Verdict asked Morrisons how many individuals were affected, but Morrisons declined to comment.
GlobalData technology writer Rob Scammell said: “The email addresses were likely part of a list of email addresses compromised during a previous data breach with another company. Email addresses, along with other personal details, are often compiled into large databases traded by scammers online for the purpose of carrying out new attacks.”
Principal security consultant at Finnish cybersecurity firm F-Secure Tom Van de Wiele told GlobalData’s Verdict: “As these are in the open anyone can scrape them and use them as a target list for different purposes.
“Spam, phishing or, in this case, what seems to be a smear campaign towards Morrisons. The attacker probably automated the sign-up process, saw that it sent an email without the need for a CAPTCHA [the human verification process], and seeded it with the target list, resulting in people complaining and pointing their pitchforks at Morrisons.”
Matt Walmsley from cybersecurity firm Vectra told GlobalData’s Verdict: “Attribution and understanding motivation of attacks or incidents is never precise so I’m not surprised there is confusion and speculation around this story.”
African Eye Report
