Citizen of Bermuda and holiday home owners have been warned to be diligent following the identification of a new BELCO email scam. Guidance has now been issued by the company after some customers were targeted by scammers and were issues with malware-infected emails from the company’s email domain.
BELCO, the Bermuda Electric Light Company Limited, provides electricity to homes in Bermuda and is the only supplier available in the British Overseas Territory. All people who own or rent a property on the islands are in danger of receiving a spam email that could possibly infect their computer, mobile phone, tablet or laptop with malware.
The sort of malware included in the spam emails is a type of ransomware. This sort of malware is particularly dangerous as it will permit the perpetrators of the campaign to lock files on an infected computer and possibly also on a business network to which the device logs onto. The malware sent in the BELCO email scam can also cause corruption of computer files. The hackers behind the campaigns have designed the malware to give victims little option but to pay the ransom.
Critical files are encrypted via the ransomware to stop the user from obtaining access. The only way of regaining access to the files is to restoring them from a backup or by agreeing to the ransom demand. Once a ransom has been paid, the criminals behind the BELCO malware attack will issue a security key that can be used to rescue the data. There is no guarantee that the security key will be issued once the ransom has been paid and it is conceivable that the criminals persist with extorting customers who give into their demands.
On a personal computer, files including personal documents or family photographs could possibly be encrypted and lost. For business users the danger is even higher. Without access to critical files, all business could effectively come to a halt. Even if a backup can be implemented to restore the ransomware-encrypted files, major losses could be suffered. Carrying out a full restoration of data takes time and unless a backup was completed just minutes before files were encrypted, some data will be lost in any case. Customers will also suffer disruption to services while remediation takes place and systems are restored.
Spotting spam and scam emails
The BELCO email scam is realistic. It could easily be considered a genuine email if the recipient of the email is not very security conscious. There are giveaway signs that it is not genuine:
- The email address is not the same as the one usually used by the company to issue electronic electricity bills
- There is a threat included in the email – Swift action is needed to avoid unpleasant consequences
- There is inadequate information included in the email body, requiring the user to click on an attachment
- The email address includes spelling mistakes not typically seen with correspondence used by reputable company – billerz
Peoples, and especially companies, should think about implementing additional controls to stop emails such as this from being delivered. Implementing a spam filtering solution will stop the vast majority of spam and scam emails from being issued. As more phishing and spam emails are being broadcast, and the perpetrators are growing more skilled at coming up with convincing campaigns, this is one of the wisest defenses to stop accidental malware infection. The price of an Anti-Spam solution will be significantly less than the cost of a ransom to unlock vital files.
