Who is William Wilke? That’s the question scores of Twitter users have been asking British supermarket Morrisons after receiving an email about signing up to an online shopping account. The problem? None of these individuals signed up with the food chain, and all of the emails are addressed to a person named William Wilke.
Those affected voiced concerns as to how Morrisons came into possession of their email address, with some worried that the email was fraudulent or the result of a data breach.
But the email, seen by Verdict, is a legitimate automated welcome email from Morrisons. The supermarket chain told Verdict that “an unknown 3rd party” had “acquired” email addresses from the web to register the accounts.
Morrisons said that it had deleted the fraudulently created accounts and confirmed that “there is no other associated information relating to it”, such as names, card details and addresses.
“There is no impact on you as the owner of the email address used, and you do not need to take any further action,” Morrisons added.
Verdict asked Morrisons how many individuals were affected, but Morrisons declined to comment.
@Morrisons I’ve received an email asking to finish my order addressed to someone called William Wilkes. Please can you check my details aren’t being used fraudulently, or if this was just sent by mistake. Although I don’t use Morrison’s so my email shouldn’t be in your system…
— Robyn Mann (@RobynMann94) October 22, 2019
How did ‘William Wilke’ get your email address?
The email addresses were likely part of a list compromised during a previous data breach at another company. Email addresses, along with other personal details, are often compiled into large databases that scammers trade online for the purpose of carrying out new attacks.
“As these are in the open anyone can scrape them and use them as a target list for different purposes,” said Tom Van de Wiele, principal security consultant at Finnish cybersecurity firm F-Secure. “Spam, phishing or, in this case, what seems to be a smear campaign towards Morrisons.
“The attacker probably automated the sign-up process, saw that it sent an email without the need for a CAPTCHA [the human verification process], and seeded it with the target list, resulting in people complaining and pointing their pitchforks at Morrisons.”
I received the "William Wilke" email too. The headers suggest it was genuinely sent from Morrisons via MessageLabs. The "to" address is distinct so I know the source of the data leak, which is not Morrisons, but Morrisons still need to delete these fraudulently-created accounts.
— Lovell Fuller (@lovell) October 23, 2019
Usually, with fraudulent emails, a scammer will imitate a legitimate company to lure people into clicking on a harmful link. But in this case, it is unclear why someone went to the effort of automating the sign-up process to send out legitimate emails.
“Attribution and understanding motivation of attacks or incidents is never precise so I’m not surprised there is confusion and speculation around this story,” said Matt Walmsley, head of EMEA marketing at cybersecurity firm Vectra.
Those who received the William Wilke Morrisons email can check if their email address has been involved in a historic data breach on Have I Been Pwned. If the email address has been compromised in the past, changing the password on any other accounts that used the same password is advised.
“It’s not a huge deal, as it’s just an email, but I’m sure the people at Morrisons’s PR department had different plans for the day,” added Van de Wiele.