WARNING: Business scam/spoof email requested payment of just under £10,000


Screenshot: Spear Phishing / Whaling Scam email

Quick heads up to anybody searching for information about this. As of 24th January 2018 there appear to be an influx of emails to businesses around the UK trying to trick the accounts department into paying large sums of money to a new beneficiary.

The body of the email is short and to the point:

I need you to process a “Faster Payment” to a new beneficiary, can you handle this right now?

Payee details attached.


<Director’s Name>

Sent from my iPhone.

The emails generally appear to come from the name of a company director and the email address may look legitimate but the hidden “reply to” address is different and the contents of the email and attachment are a scam. The reply to email address is subtly changed and instead of .co.uk on the end of the email address it’s .co.uk-k.uk which a lot of people might not notice, especially on a small smart phone screen that truncates text.

My accounts department (i.e. me) recently received such an email. It appears to have come from an employee I do not have and the attacment is a spoof Lloyds TSB payment details page requesting £9,855.00 with UK BACS details included.

Payment Details Lloyds Bank Plc Henry Duncan House, 30 George Street, Edinburgh EH1 4LH Total due £9,855.00 Payee Name Samantha Parkin Bank Name Lloyds Bank Plc Account Number 10261784 Sort Code 30-64-24 Sub-total (Exc. VAT) Total Inc VAT Balance Due Amount ( GBP ) £9,855.00 0,00 £9,855.00 £9,855.00 Plus VAT (20%) The contents of this invoice and any attachments are confidential. They are intended for the named recipient(s) only. If you have received this invoice in error please notify the the sender immediately and do not disclose the contents to anyone or make copies.

The email sign off includes “Sent from my iPhone” which is probably to help make the otherwise short email seem legitimately like it was typed on an iPhone from the Director.

The amount varies, some have been £9,945.00 some £9,855.00 but they always seem to keep it below £10,000 which is presumably to stop it requiring second authorisation or flagging up on any bank system checks.

The hidden internet headers show the source of the original message:

Received: from vps167794.vps.ovh.ca (unknown [])
by cust-smtp-auth4.fasthosts.net.uk (Postfix) with ESMTPA id 6568F7435EF

If you receive a similar email please report it to ActionFraud immediately who can then take action to freeze the bank accounts and try and trace the criminals behind it.

You can also find more information on this here and here.

Update 21/02/2018 – another scam email received

Three weeks after my initial scam email was received, I have just received another almost identical whaling/spear fishing scam email.

Subject: Faster payment


I nеed you to mаkе а “Fastеr Paуment” for a new vеndor.
Pаyее details attachеd.


<faked name>

Sent from mу iPhone.


Payee Details this time were:

Payee Name Jasmine Brooks
Bank Name Lloyds Bank Plc
Account Number 10250163
Sort Code 30-64-13

Lloyds TSB scam bank details
Screenshot: Spear Phishing / Whaling Scam email

Update 14/03/2018 – another scam email received

It looks like I’m on a list and they’re stupid enough to continue trying to scam me. I’ll keep updating this post every time I receive a spear fishing email to make sure the account number and sort code are indexed by Google and hopefully prevent somebody losing money if they Google the details.

Pleasе hаndlе а £8,625.00 fаster pаymеnt in favour of the new contrасtor.

Sort сodе: 30-61-22

Aсc. number: 10434154

Beneficiary: Heidi Smith

I will forwаrd thе раperwork onсe i’m lеss busy.

Leavе a rеply once done or if уou get anу problеm whilе sеtting it uр.



Sеnt from my iPhone.


One Reply to “WARNING: Business scam/spoof email requested payment of just under £10,000”

  1. As of June 1 they are still coming – this time under HSBC branded attachment using same Lloyds Bank branch address and different name and account numbers.

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.