I sent the following email to paybyphone.co.uk:
Hi,
Just in case you're not already aware of this traffic, I received a message today purporting to come from you, addressed as:
"support at paybyphone.co.uk via mail.gus-hausbetreuung.at".
The content was:
"Westminster Pay by Phone Parking Receipt
Location: 7514
License: LCF140W
Description: St Cambridge
Start Parking: 2011/11/05 12:20pm
Stop Parking: 2011/11/05 01:20pm
Cost: 27.70 including Service Charge
You can access a full list of all your parking transactions in the attached file
Thank you for using Westminster City Council's Pay by Phone parking
service
Dangerous Attachment has been Removed. The file "Pay_by_Phone_Parking_Receipt_ 910868024.zip" has been removed because of a virus. It was infected with the "W32/EncPk.CWP!tr" virus."
The message was quarantined and the attachment deleted.
If I'd looked at their website closer, I'd have seen that they were already aware. I also received the following reply from them:
"On Wednesday 7th November 2012 PayByPhone was made aware that a series of emails purporting to be from PayByPhone were sent to an unconnected selection of email addresses by an unknown third party. The majority of recipients are not PayByPhone account holders and we are confident that our registered users’ data has not been compromised. PayByPhone upholds strict security standards, ensuring that all data is securely held in line with Payment Card Industry, Data Security Standard (PCI-DSS) standards.
The email was designed to look like a Westminster City Council parking receipt and contained an attachment. Our advice is that the email should be deleted immediately, without opening the attachment.
It appears that PayByPhone, like many large organisations, has become the victim of a ‘phishing’ (email spoofing) campaign for which the motive is unclear. We are taking steps to investigate the source of these emails and can confirm that these messages did not originate from within PayByPhone nor did they originate from Westminster City Council.
Whilst PayByPhone is not a fault, we are very sorry for the inconvenience that this scam has caused our valued customers and the many other recipients who do not have a PayByPhone account. PayByPhone are not in a position to offer technical advice on matters unrelated to the PayByPhone service, however there are many articles about ‘phishing’ scams available online which some may find helpful.
If you have any un-answered questions regarding this matter, please do not hesitate to contact PayByPhone."
You've been warned!