Browsed by
Tag: e-mail

Beware the Companies House e-mail

Beware the Companies House e-mail

I have for some time now been plagued by e-mails claiming to come from Companies House, they generally say that there is a problem with web filing to Companies House. Now, as happens at the time when I first received one of these e-mail I was about the time one of the companies I am a director of was filing it’s annual report with Companies House. At first glance the e-mail looked plausible (there is a sample below) and it had come to an e-mail address which I use for company business, but something just did feel right about it.

First: it doesn’t mention the name of the company which is it supposedly referring to, just a submission number, real e-mails from Companies House always have the name of the company they are about in them.

Second: it had an attached zip file, which is odd because on the Companies House website where you can make your companies annual return by web filing, it says that you can download a pdf of the report. Confirmation e-mails from Companies House never have attachments.

Thirdly: while I am a director, I wasn’t the Company Secretary, and I would expect the Companies House to communicate with the Company Secretary in the first instance.

Fourthly: all the companies of which I am a member of the board, are registered in Scotland. Therefore, I would expect any correspondence in connection with these companies to use Companies House Edinburgh address.

Here is the test of the latest version e-mail, which I received this morning:

The submission number is: 2768706

For more details please check attached file.

Please quote this number in any communications with Companies House.

All Web Filed documents are available to view / download for 10 days after their original submission. However it is not possible to view copies of accounts that were downloaded as templates.

Companies House Executive Agency may use information it holds to prevent and detect fraud. We may also share such information, for the same purpose,
with other Organizations that handle public funds.

If you have any queries please contact the Companies House Contact Centre on +44 (0)303 1234 500 or email enquiries@companies-house.gov.uK

Note: This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.

Companies House
4 Abbey Orchard Street
Westminster
London
SW1P 2HT
Tel +44 (0)303 1234 500

 

My suspicions aroused, I took a look at the full header of the email which immediately confirmed my suspicions, the return address and the message ID which not for Companies House, so it was obviously spam. I then decided to take Companies House advice on dealing with unsolicited/phishing e-mail, forwarding a copy of the offending e-mail to phishing@companieshouse.gov.uk as they suggest. This resulted in an immediate e-mail from my own system telling me that it had “received a message, apparently originating from you, which contains the “Mal/DrodZp-A” virus/malware. This message has not been delivered onwards to the recipients.” This was obviously caused by the attached zip file which had aroused my suspicions in the first place.

The lesson of this story is be wary of unexpected e-mails from Companies House, even if they look genuine, don’t open attachments or follow links in the body of the e-mail until you have checked that it is actually from the sender which claims to have come from. As a last line of defence always make sure that your anti virus software is up to date.

Possibly Related Posts: (automatically generated)

Tax Refund Notification

Tax Refund Notification

I had an interesting e-mail today, it claimed to be from HM Revenue & Customs (HMRC) and read as follows:

 
From: HM Revenue & Customs <refund.claim-hm@hmrc.gov.uk>
Subject: Tax Refund Notification
Date: Sat, 7 May 2011 16:19:58 +0100
To: undisclosed-recipients:

Tax Refund Notification

After the last annual calculation of your fiscal activity, we have determined that you are eligible to receive a tax refund of 973.90 GBP. Please submit the refund request and allow 5-7 days for processing. Click Here To Claim Your Refund

Best Regards,
HM Revenue & Customs

 

It looks almost real but something about it just didn’t feel right. For one thing, the address looked wrong, having been a civil servant (I used to work for the Forestry Commission) I knew that all UK Government e-mails are name@[department].gsi.gov.uk, this wasn’t from inwith the Government Secure Intranet (GSI). Then there was the fact that it was to “undisclosed-recipients”, tax calculations are personal, this suggest that has been sent to multiple people. Thirdly, it wasn’t sent to the e-mail address I use to communicate with the Inland Revenue. So I did a wee bit of digging around and sure enough I soon found that it is a scam.

If you have also received one of these e-mails, first off do not click on the link and don’t give any of you details. Secondly, forward it with the full headers to HMRC (see here for details) and help them catch the scammers, it is in interest of all of us to stop this sort of thing!

I have since been told by HMRC that it “does not use email to contact people about being eligible for a repayment or to ask personal information or payment”. So any e-mail telling you that HM Revenue & Customs is offering you a tax refund it is a scam, don’t fall for it.

Possibly Related Posts: (automatically generated)

Some recent software experiences

Some recent software experiences

What do we all really want from our software? Well speaking for my self I just want something that works, is that really too much to ask for? Recently I have had two contrasting experiences, firstly I decided it was time to upgrade my anti-virus software. So I read a few reviews and tried out a trial package which came with a computer magazine I subscribe to, and ended up buying a licence for BitDefender Internet Security 2009.

Whilst using the trial package thing seemed to work fine, but having bought a license BitDefender has become somewhat more flaky. Although it has added an anti-spam tool bar to my e-mail client (Thunderbird) it has never actually done anything, done of the buttons on the tool bar work! Fortunately Thunderbird provides its own spam detection and moves most spam messages to a junk folder as soon as they arrive. Then BitDefender went though a phase of telling that every web page I visited was a phishing site, including ones which I had written my self, none of these sites were asking for any personal information. So I thought since I am paying for support I would try their Customer Support Live Assistance, which was frustratingly slow and failed to give any useful answer. So I ended up disabling this feature as I mostly use Firefox which has far more reliable anti-phishing protection built in. Next the automatic update stopped working, having tried the customer support, I decided this time to try the Support Forum, where I found a number of threads complaining of the same problem but no solution other than to carry out manual updates until one of them sorted out the problem. Then BitDefender went through a phase of falling over as soon I went on line taking the firewall with it. Fortunately that has now stopped, but it is not want you want from a security package. So if you are thinking of getting a new antivirus and security suit, not bother buying BitDefender, it’s not worth the money. Whereas Firefox and Thunderbird are excellent value for money (they are free!).

Second recent software experience, having recently seen an upsurge in spam on one of my e-mail accounts, I realised that the contact forms I have been using on this blog and my web site have been compromised. So time to get a new contact form, this time with more robust spam protection, my old system relied on little more than a bit of JavaScript and simply hiding the e-mail address. It was only a matter of time before some nasty person figured a way of getting past this (in this case about four years). So I decided that I wanted something more secure, a PHP solution seemed like a good idea, server side processing away from prying eyes. A quick internet search yielded, Mike Cherim’s GBCF-v3 Secure and Accessible PHP Contact Form (also available as a WordPress plugin).

Now this is the sort of software I like, it is free to download, it works and if you do have a problem you can ask the developer and get a reply. Ok, if you want to make special modifications, say being able to choose more than one e-mail address from the form, he will charge you for making the mod, but then he has already given away the basic form for free and the guy has got to make a living. There is a web site which I am developing at the present where having a contact form where the user can choose from a list of recipients, who to send e-mail to, will be a useful addition. Especially if I can be reasonably confident that this won’t result in the recipients being spammed from the form.

Possibly Related Posts: (automatically generated)

Do NOT follow this link or you will be banned from the site!
%d bloggers like this: