Small and medium-sized enterprises (SMEs) have become the target of e-mail attacks originating from a cosmetics company based in Devon. Broad Oak Toiletries has become one of many companies to fall victim to e-mail address spoofing, as a current Action Fraud investigation has revealed. In a warning message on its website, Broad Oak says that its systems remain uncompromised and none of the spam messages originate from a valid company e-mail address.

The attackers use a PDF attachment that purports to be an invoice. Broad Oak has warned recipients not to open the file because it is infected; should anyone receive such an e-mail, they need to delete it immediately.

In an interview for IBTimes, company secretary Mark Goodden said that the business was almost definitely chosen at random and while the company is being used as bait none of its customers or suppliers have received the spam e-mails. Nevertheless, the company is large enough for such an incident to cause serious damage to its reputation, Goodden added.

The use of an infected document file makes this a rare form of attack. E-mail spammers typically employ malicious attachments in the shape of zipped executable files, which infect the machine directly. In this case, the attackers have used attachments that look like regular documents, which makes it possible for them to fool an antivirus programme.

Citing an Action Fraud spokesperson, IBTimes added that no company was immune to such attacks, as even corporate heavyweights like British Airways and Royal Mail have been used as bait. This is a problem which affects roughly a quarter of enterprises every year, the spokesperson noted.