In October 2015, Red Funnel, a ferry operator based in Southampton, UK, fell victim to a phishing attack targeting its customers. Attackers sent fraudulent emails disguised as booking confirmations (subject: *‘Confirmation 5838547’* from *post@redfunnel.co.uk*), containing a malicious MS Word file with embedded macros. If opened, the file installed malware designed to steal credit card details and passwords from victims. The attack exploited customer trust by referencing a fake bank account (5838547) to lend credibility. While the phishing campaign successfully distributed malware to customers, there was no evidence that Red Funnel’s internal systems or databases were compromised. The primary impact stemmed from fraudulent activity against customers, including potential financial losses and reputational damage due to the association with a malicious campaign originating from a spoofed company email.
Source: https://www.tradewindsnews.com/andalso/scam-email-hits-red-funnel/1-1-368419
TPRM report: https://www.rankiteo.com/company/red-funnel-group
{
  "id": "red602092125",
  "linkid": "red-funnel-group",
  "type": "Cyber Attack",
  "date": "10/2015",
  "severity": "60",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'customers_affected': 'Unknown (targeted phishing '
                                              'emails sent to customers)',
                        'industry': 'Transportation (Ferry Operator)',
                        'location': 'Southampton, UK',
                        'name': 'Red Funnel',
                        'type': 'Company'}],
 'attack_vector': 'Email (Malicious MS Word attachment with macro-based '
                  'malware)',
 'data_breach': {'data_exfiltration': 'Attempted (via malware)',
                 'personally_identifiable_information': 'Yes (passwords and '
                                                        'payment details)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Credit card details',
                                              'Passwords']},
 'date_detected': '2015-10',
 'description': 'In October 2015, Red Funnel was hit by a phishing attack in '
                'Southampton, UK. A bogus email containing a MS Word file with '
                'a virus was sent to customers with the bank reference number '
                '5838547. The fake booking confirmation emails were sent from '
                'post@redfunnel.co.uk with the subject heading ‘Confirmation '
                '5838547’. If the file was opened, it would attempt to run a '
                'macro to install malware aimed at stealing credit card '
                'details and passwords. There was no indication that Red '
                'Funnel’s security systems were compromised.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'phishing attack targeting customers',
            'data_compromised': ['Credit card details', 'Passwords'],
            'identity_theft_risk': 'High (due to stolen credentials and '
                                   'payment information)',
            'payment_information_risk': 'High (credit card details targeted)'},
 'initial_access_broker': {'entry_point': 'Phishing email (malicious MS Word '
                                          'attachment)',
                           'high_value_targets': 'Customer credit card details '
                                                 'and passwords'},
 'investigation_status': 'No indication of Red Funnel’s systems being '
                         'compromised; attack targeted customers via phishing.',
 'motivation': 'Financial gain (theft of credit card details and passwords)',
 'post_incident_analysis': {'root_causes': 'Successful phishing attack '
                                           'exploiting human vulnerability '
                                           '(opening malicious attachment).'},
 'title': 'Red Funnel Phishing Attack (October 2015)',
 'type': 'Phishing',
 'vulnerability_exploited': 'Human error (opening malicious attachment)'}