Peter Pan Email Scam Puts Thousands Of UK Businesses At Risk

Media Division | September 12, 2014

Thousands of UK businesses were targeted by an email phishing attack purporting to be about tickets they supposedly booked for a Christmas-time Peter Pan theatre production in Bournemouth. The emails claim to be sent from BH Live – a genuine ticketing company that is hosting a Peter Pan production this Christmas.

The email claims to be a £145 invoice for nine tickets (supposedly bought with a MasterCard credit card with the last four digits of 7006) to a Peter Pan performance scheduled at the Bournemouth Pavilion theatre. The email carries an attachment that, when opened, installs a virus on the recipient’s PC.

Hackers from Eastern Europe are said to be responsible for the attack. Phishing scams like these involve emails that claim to be from official institutions; the corporate victims have reported that these emails attempt to break through their security barriers and infiltrate their computer systems.

The .zip file attachment in the email contains malicious software that, when downloaded onto the computer, steals user information, including passwords for online accounts, and attacks other users via sites that the victims visit. This could lead to some businesses having their web connection disabled if their networks and systems are found to be spreading malware online.

BH Live does have a Peter Pan production from Dec. 6 to Jan. 4 at the Bournemouth Pavilion, but the company said it didn’t send any emails containing invoices for tickets.

“BH Live’s Information Security teams together with information technology professionals and suppliers have investigated the matter and confirm that its internal systems have not been breached and that the emails were sent from known SPAM IP addresses,” said BH Live. “The emails are not genuine and do not originate from BH Live.”

Security pundits have identified the SPAM IP addresses as linked to the National Academy of Sciences in Belarus, with servers located in France.

Companies should watch out for a deluge of cyber-attacks coming from former Iron Curtain countries, warns Cloudmark Internet Security’s systems analyst Andrew Conway. These locations have “a great educational system, turning out a lot of smart people who know all about computers, but not that many employment opportunities.”

“They don’t have the high-tech sector,” Conway stated. “A lot of these people are turning to computer crime because that’s just a way to use their expertise.”

Safeguarding your organisation against phishing scams

The latest round of email attacks is thought to be one of the most sophisticated email scams ever seen in the UK. Companies and their employees are advised to delete any emails claiming to be from BH Live, especially when they aren’t expecting one. They should also refrain from opening or downloading any attachments from suspicious email addresses.

Another thing organisations and their personnel can do is examine the links inside the body of the email. It can also be a good idea to check, through a quick search in Google, whether other businesses have received similar emails. And if the content includes a mention of an unfamiliar address, it is most likely to be spam.

Lastly, businesses should beef up their PC security by installing phishing filters and anti-phishing solutions that go beyond blocking with ISP connections, honeypots and other testing procedures. Ideally, companies that provide on-the-ground intelligence and prepare reports for local authorities to take action are the best line of defense.
