• Got a Boots email offering 'free gift beauty sample pack'? Well,

    From TechnologyDaily@1337:1/100 to All on Thu Jun 18 06:15:25 2026
    Got a Boots email offering 'free gift beauty sample pack'? Well, 8.8 million of us got the same thing from Romanian hackers looking to steal our credit cards (and more)

    Date:
    Thu, 18 Jun 2026 05:05:00 +0000

    Description:
    Hackers impersonated Boots in a large phishing campaign using compromised systems, fake surveys, and millions of emails to steal personal information.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Fake Boots emails reached 8.9 million addresses through a massive phishing campaign Hackers used a government website to host their fraudulent Boots checkout page Romanian attackers turned a compromised business server into an email distribution platform Millions of UK shoppers were exposed to a fake Boots promotion after hackers sent emails offering a free beauty sample pack through a large phishing campaign.

    The operation used a fake customer survey to collect personal details while directing victims toward a fraudulent checkout process requesting sensitive information. Researchers from Huntress claim, the campaign involved 8,894,920 email addresses and infrastructure connected to Romanian-speaking threat actors. Latest Videos From Watch full video here: A fake Boots offer backed
    by a large phishing operation The emails appeared to come from Boots and encouraged recipients to complete a short survey in exchange for a beauty sample package and promotional benefits.

    The campaign relied on familiar branding to make the message appear
    legitimate while directing users to a cloned website designed for information collection. You may like How scammers use "scraped New York Times content" to trick security scanners Free email accounts contributing to nearly half of
    all commercial spam New 'scareware' attack hits 2.8 million victims, pretending to lock them out of your browser

    The fake page requested details including names, email addresses, dates of birth, phone numbers, and home addresses, before reaching payment
    information.

    Huntress found that the phishing content was hosted on a compromised Bolivian government website belonging to IPELC, rather than an attacker-controlled domain. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    They placed the phishing kit inside a hidden directory on the legitimate government domain to benefit from its existing reputation.

    The email campaign was sent using Gammadyne Mailer, a legitimate bulk mailing app that attackers installed on a compromised UK business terminal server.

    The server was not used to deploy ransomware or steal files from that business, but instead acted as a platform for sending fraudulent messages. What to read next Experts reveal how hackers use fake DHL messages to lure in victims 'Cybercriminals are industrializing deception': new report reveals
    how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know Hackers exploit Robinhood account creation tool to launch worrying phishing scam

    The attackers loaded six recipient lists named milk (1) through milk (6), containing almost 8.9 million email addresses prepared for the campaign.

    Huntress recovered a project file named dracii.mmp, which contained details about the email delivery settings, phishing links, and campaign
    configuration. Compromised systems helped deliver the fake messages Investigators found that attackers accessed the UK business server through an exposed remote access system using stolen credentials before staging the phishing operation.

    The compromised server then let them send messages directly from the organisation's internet connection, keeping their own infrastructure hidden from blocklists.

    The mailer was configured for direct-to-MX delivery, using 666 simultaneous threads with zero throttling applied to maximize sending speed.

    Huntress later isolated all 25 endpoints connected to the business
    environment and blocked 29,954 outbound SMTP connections within a 104-second period.

    The company also contacted Bolivia's national CSIRT after discovering that
    the government website had been compromised and used to host the phishing material.

    The recovered files suggested that the Boots campaign was part of a broader operation involving other UK-focused themes including tax-related and cryptocurrency messages.

    The same toolkit appeared to have been reused across multiple compromised systems since July 2025. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/got-a-boots-email-offering-free-gift-be auty-sample-pack-well-8-8-million-of-us-got-the-same-thing-from-romanian-hacke rs-looking-to-steal-our-credit-cards-and-more


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)