Image
If you receive a suspicious email that either mentions the FHT or claims to be from the FHT, please follow these steps.
Do not click any links or open any attachments contained in the email.
Check the senders email address. Genuine FHT emails will end @fht.org.uk. Are there any obvious signs of spoofing, such as slight misspellings or unusual domain names?
Report suspicious emails to your email service provider and block the sender.
Notify the FHT at info@fht.org.uk so that we can monitor the situation, alert other members and take appropriate steps.
Recent activity.
This is an example of a recent suspicious email, received by an FHT member. It has come from the domain @e-succesb.live. It has not come from the FHT. This sender is not in any way connected to the FHT.
We currently believe that this sender has used "scraping" software to collect email addresses from the publicly available information shown on the FHT Find a therapist register. If you receive this email, you will notice that the greeting is the first part of the email address that you use on your Find a therapist profile. For example if your email address is listed as hello@thesalon.co.uk the spam email will be addressed "Hi Hello".
Please report the email as Spam and delete it. This will help your mail service learn which senders are potential threats.
The FHT is taking this incident very seriously and has reported the emails to the National Cyber Security Centre. We are working with our IT team to obfuscate any similar attempts in the future. We understand that these suspicious emails are concerning for our members, and we would like to assure your that our internal systems are very secure, and there is no evidence to suggest a wider data breach. We will continue to stay vigilant and take appropriate action to protect the personal information of the membership.
New Obfuscation Coding implemented.
In response to this recent spate of suspicious emails, the FHT has deployed new type of obfuscation coding to all email addresses and phone numbers on the Find a therapist register. Member's should not be able to see any difference, however if you were to look at the raw HTML code for the website you would now see that what used to appear as "thesalon@massageworld.co.uk" now appears as a string of unintelligible characters "e_s67c02239391a7965711604..." This is a relatively strong method of obfuscation and makes it difficult to reverse engineer. This technique also maintains search engine visibility, which can be a problem with other obfuscation techniques.
Competition Results
If you have been contacted about winning a competition, this will generally come from our editor’s email, either editor@fht.org.uk or msteel@fht.org.uk. However, if you are concerned that the email you have received may be suspicious, get in contact with the team at info@fht.org.uk or via 023 8062 4350 before replying with any personal information.
Terminology
Spam is any kind of unwanted communication that gets sent out in bulk.
Spoofing is a type of attack where the attacker impersonates a legitimate organisation.
Phishing is a type of attack where the attacker uses a fraudulent communication to trick the recipient into providing personal data or information.
Bots are computer programs that execute a repetitive task. Bots are used across the internet to scrape contact information from the background code of a website for the purposes of sending spam communications.
Scraping is the process of using automated bots to collect data from an online source.
Personal Email Security Recommendations for Members
It's good practise to ensure that your personal email accounts have robust spam filters enabled. The FHT recommends using email services that offer advanced phishing protection. Take a look at this handy guide, put together by our IT Team. Don't forget to add the FHT to your safe senders!