Brits are being urged to stay vigilant after scammers posing as Boots reportedly targeted almost nine million email inboxes in a massive phishing campaign.
Cybersecurity firm Huntress said fraudsters used the high street retailer’s branding to lure victims into handing over personal and financial information through a fake customer survey.
The scam emails promised recipients a free Boots beauty sample pack in exchange for completing a short customer satisfaction questionnaire, as reported by Need To Know.
Those who clicked the link were directed to what appeared to be a genuine Boots website, where they were asked to provide personal information including their name, email address, date of birth, telephone number and home address.
Victims were then prompted to enter payment card details under the guise of paying a small delivery fee.
According to Huntress, the campaign was uncovered after a small UK business installed the firm’s cybersecurity software on one of its servers on 15 May.
Investigators discovered attackers had staged six separate recipient lists containing a combined 8,894,920 email addresses and were in the process of distributing the scam emails.

The cybersecurity company said Boots’ own systems do not appear to have been breached.
Instead, the attackers allegedly hijacked a small business server and used a legitimate bulk email marketing tool known as Gammadyne Mailer to distribute the messages, making the campaign appear more authentic.
Researchers said the emails were sent using the display name “Boots [email protected]” and featured personalised subject lines containing recipients’ email addresses and randomly generated reference numbers in an apparent attempt to increase trust and avoid spam filters.
Huntress said it managed to isolate the compromised network and block almost 30,000 outbound email connections in just 104 seconds, although it was unable to determine exactly how many scam messages had already been delivered before the operation was stopped.
In another attempt to appear legitimate, the criminals allegedly hosted the fake Boots pages on a compromised Bolivian government website rather than a newly created domain.
The phishing pages were reportedly placed within a section labelled “boots_store” on the website of Bolivia’s Instituto Plurinacional de Estudio de Lenguas y Culturas, a government cultural institute. Huntress said using a trusted government domain could help the scam bypass automated security checks and appear more convincing to victims.
Researchers also found evidence suggesting the Boots scam may have formed part of a wider operation targeting UK consumers, with files linked to HMRC-themed and cryptocurrency-related campaigns also discovered during the investigation.
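A simple mail-triage check for the three indicators described above (a brand name in the display name without the brand's sending domain, a subject line that embeds the recipient's own address plus a reference-style token, and links to hosts the brand does not own), added here as an illustration and not Huntress's or Boots' own tooling; the brand domain allowlist and the hosts in the constructed sample message are assumptions and placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the brand's own sending domain(s).
BRAND_DOMAINS = {"boots": {"boots.com"}}
REF_TOKEN = re.compile(r"\b[A-Z0-9]{6,}\b")          # e.g. "7F3K9Q2B"
URL = re.compile(r"https?://([^/\s\"'>]+)(/[^\s\"'>]*)?", re.I)

def _owned(host: str, owned: set[str]) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in owned)

def triage(raw: str) -> list[str]:
    """Return human-readable findings for one RFC 822 message (empty = clean)."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    subject = msg.get("Subject", "")
    _, rcpt = parseaddr(msg.get("To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text sample only
    findings = []
    # 1. Brand name in the display name, but the mail did not come from the brand.
    claimed = [b for b in BRAND_DOMAINS if b in name.lower()]
    for brand in claimed:
        if not _owned(sender_domain, BRAND_DOMAINS[brand]):
            findings.append(f"display name claims {brand!r}; From domain is {sender_domain!r}")
        # 3. Links leading off the brand's domains (the campaign used a hijacked gov site).
        for host, path in URL.findall(body):
            if not _owned(host, BRAND_DOMAINS[brand]):
                findings.append(f"link off-brand: {host.lower()}{path}")
    # 2. Personalised subject: recipient's own address plus a reference-style token.
    if rcpt and rcpt.lower() in subject.lower() and REF_TOKEN.search(subject):
        findings.append("subject embeds recipient address and a reference token")
    return findings

# Constructed sample mirroring the indicators the article describes; hosts are placeholders.
PHISH = """\
From: Boots <promo@mailer-host.invalid>
To: alice@example.org
Subject: alice@example.org your free Boots beauty sample pack (ref 7F3K9Q2B)
Content-Type: text/plain

Claim your pack here: http://compromised-site.invalid/boots_store/survey.html
"""
```

Running `triage(PHISH)` yields three findings; a message from the allowlisted domain with on-brand links and an unpersonalised subject yields none.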

The retailer has been used as bait in similar scams before.
Earlier this year, fact-checking organisation Full Fact warned consumers about fake social media posts falsely claiming Boots was giving away premium perfume gift sets to customers who completed online surveys.
The latest incident highlights how major household brands are increasingly being exploited by cyber criminals to make phishing campaigns appear more trustworthy.
Consumers are being advised never to click links in unsolicited emails, even if they appear to come from well-known retailers, and to avoid entering personal or payment information unless they have independently verified a website’s authenticity.
Jam Press has contacted Boots for comment.