Top

The sneaky Companies House scam

Rights, Scams and Politics

Updated on 16 July 2014 | 7 Comments

It's not so easy to ignore emails purporting to be from Companies House. But fall for this scam and you could lose a fortune.

I'm a non-executive company director. But before anyone asks whether I get £10,000 (plus a slap-up lunch and a chauffeur driven car) for a day spent at a meeting, or if I'm on a remuneration committee rubber-stamping billionaire banker bonuses, I ought to add that I'm an unpaid voluntary trustee/director of a charity.

It's the London Cycling Campaign as anyone putting my name into one of many company-checking websites can easily discover. My directorship of this not-for-profit cause is a matter of public record.

Accountability is good. What's not so good is the torrent of spam I receive as a result of my directorship, including a large number which purport to come from Companies House, the Government organisation which regulates the limited liability system.

Not so easy to ignore

These are in a different league to phishing emails that purport to come from banks. I happily ignore these as they rarely if ever come from the bank where I have my current account. Companies House is in a different league. I should not ignore messages as I have a number of legal duties and responsibilities as a director, despite the charity having a full time staff. So they are more dangerous.

They typically start with “A company complaint was submitted to Companies House website” followed by a submission number .

The latest I've received continues: “For more details please click : https://companieshouse.gov.uk/Case?=5480781"

Note the absence of the www which appears on the real site. Don't go to this site at home unless you are very sure of your anti-malware.

The site looks totally plausible, including an up-to-date address and phone number. But it is easy to download real material for a phoney site.

Of course, there is no complaint either real or alleged. And while I do have duties as a director, were there to be a complaint, it would be in writing – with substantial details rather than a vague email addressed to me (and my co-directors) via our company emails. A real problem would be firstly addressed to the company secretary (that's not me) rather than to all directors.

The trouble with trojans

If you click on the case number, or anywhere else in the email, you end up with a website called “ballsoutpen15”. If you look for this site, it will sometimes appear as a source of film or music reviews. A number of internet service providers automatically block this site but if you get through, you will almost certainly download something nasty.

According to anti-virus firm Sophos, this is a 'trojan' which will seek to take over your computer, possibly installing a keylogging device. This will read every letter and number you hit – enabling anyone to read passwords and log-ons.

This is far more dangerous than mere 'phishing' for bank details. Instead of just getting numbers for one bank account, the malware here could capture all your email contacts and hit them as well, on top of virtually free access to all your accounts.

This particular malware website may have been blocked, but that does not stop the perpetrators from setting up several more.

No one should ever reply to any email attack but in case of temptation, it says: “This email was sent from a notification-only email address which cannot accept incoming email. Please do not reply directly to this message.”

Getting carried away

However email spammers often expose themselves as scammers by simple errors. As I received twelve similar messages in two days – the only difference was the complaint number - it was obvious that I was being attacked. No company, especially a relatively small one, will ever be on the end of so many complaints over such a short period of time.

Companies House, the real one, says: “We have been made aware that random emails claiming to be from Companies House are being sent. These mails have not been generated by Companies House and we strongly advise customers not to open any attachments or click any suspicious links at it may contain a virus. Our customers should be assured that the details we hold have not been compromised."

More on scams:

Don't be duped by the Council Tax fraudsters

Don't fall for these Will scams

Firm pushing "the ultimate scam" closed down

The banking scam that targets the rich

Don't be enticed into this 'banned' investment!

Most Recent

5 things you should NEVER pay full price for
6 last resort options if you're struggling to pay the bills
6 ways a scammer will target your pension – and how to stay safe
prev next

Comments

  • 28 April 2014

    Does this scam warrant an article, let alone a title? If you are a company director and internet savvy you should not be taken in by any of these scams and Lovemoney constantly headlining one or two out of thousands of common scams is getting tedious. As has been pointed out ad nauseam, if you view the origin of these emails, the faked details of the sender are blindingly obvious. One general article with comprehensive advice, regularly referred to, is all we need.

    REPORT This comment has been reported.
    0

  • 28 April 2014

    If I ever get a spam supposedly from Companies House, I'll remember the article entitled, [b]'The sneaky Companies House scam'[/b]. It would be no different if the article was titled, 'The Google Play scam', or, 'The PayPal scam'. I think that we, as readers, are able to determine that the scam uses a trade mark, and that the scammers are unknowns trying to con us out of personal data or cash. Does this article really warrant a title like, [b]'The scam perpetrated by some unknowns probably from some Eastern European country, or even an African country, making out that you have received an email from Companies House'[/b]. Nah. No so catchy, is it?

    REPORT This comment has been reported.
    0

  • 27 April 2014

    I've received a number of these, over the past few months, and they were all immediately obvious to me as malware emails, because: they don't know my name; they don't know my company's name (in any case I don't have a company!); they invite me to open the attachment for details - I think genuine emails are extremely unlikely to do this, especially as the attachments were ".zip" files of about 10 to 50 kB in size. I have examined one or two of these (with AVG anti-virus in my case) which confirmed my strong suspicion that they contained a "trojan horse" malware. BTW: the details of these trojan attachments keep changing so the anti-virus cannot identify them as trojans until an anti-virus update in the day or two after they are put into circulation. Unfortunately, as I think I have commented previously, one's first reaction to [B]any[/B] emails these days must be "Oh, really, should I believe a word of this?" rather than "Oh look, so-and-so has sent me an email that I need to respond to." Oliver

    REPORT This comment has been reported.
    0

Do you want to comment on this article? You need to be signed in for this feature

Most Popular

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.