A new, clever and dangerous type of email is currently about. It tricks you into thinking it’s genuine by using your name and street address not just your email address.
Here’s an example with the name and address obscured:
Source: BBC with the name removed by us
Even the company name is real, though they have nothing to do with the bogus message.
The aim of the sender isn’t to get the stated amount from you … they want you to click that link!
The web page will install, or try to install, ransomware.
Ransomware is nasty. It encrypts all the data on your computer including accessible external drives and network shares. It can potentially also lock you out of cloud stored data (when it’s synced with a local folder on your computer) and Windows File History too.
You have to pay a ransom to get the unlocking key to get your data back. That’s assuming you get an unlock key and the hacker don’t just run with your money. Sometimes the hackers mess up the ransomware code and no-one can unlock the encrypted files.
What to do
Hopefully, news of this new ransomware and variations will reach the filtering software on your mail host and it will stop most of these dangerous messages.
But those anti-spam/hacking filters aren’t perfect so you need to be on your guard.
Be suspicious of any unexpected messages.
How did they do it?
How are the hackers getting someone’s physical address as well as name and email?
Most likely they’ve got hold of a database from some company or organization. Finding the source of the leak would be difficult, if not impossible.