in UK

Something phishy from Kession Capital

Kession CapitalAmong the services that a company called Kession Capital provides is to “Lend our FCA permissions to new and existing firms”. These new and existing firms are “appointed representatives” of Kession Capital.

REDD-Monitor wrote about Kession Capital in passing in July 2015. Back then, one of Kession Capital’s appointed representatives was Centrium Capital Markets. One of the directors of Centrium Capital Markets was a man called Glenn Jamie King. You can read more about King’s antics here.

Centrium Capital Markets’ website has now disappeared, but the company is listed as “active” at Companies House. Centrium Capital Markets is no longer an appointed representative of Kession Capital.

Steven Garner, Compliance Officer at Kession Capital wrote to REDD-Monitor the day after the post about King and his companies. Here’s the final sentence of Garner’s email:

In the meantime, we request that you cease and desist and remove this article from the internet (e.g website, twitter, facebook, blog etc) within 24 hours or we, and the clients you mention in the article, will take legal action against you and the website concerned.

You can read more about Kession Capital’s response here, including Garner’s email in full.

On 25 January 2016, I received another email from Steven Garner. Here’s a screenshot:

Steven Garner

This struck me as an odd message. It was blind copied to my email address. The attachment didn’t look quite right. The document name is unusual (and didn’t look like anything addressed to me): doc01108220150902100035.pdf. Copying the url address from the link in the email gave: The attachment isn’t an attachment, but an image also linking to this website.

Had I clicked on the attachment or link when I received the email, it would have taken me to a website looking like this:

Fake Google log in

It looks like a log in page for Google. But it’s not. Symantec, a software security company, has an explanation of this “Sophisticated Phishing Scam” on its website:

After pressing “Sign in”, the user’s credentials are sent to a PHP script on a compromised web server.

This page then redirects to a real Google Docs document, making the whole attack very convincing. Google accounts are a valuable target for phishers, as they can be used to access many services including Gmail and Google Play, which can be used to purchase Android applications and content.

Of course, it’s extremely unlikely that Kession deliberately targeted me with this phishing email. A much more likely explanation is that the email went out to all of Kession Capital’s contacts after their email account (or a computer in Kession’s office) was infected by a virus. In which case, I look forward to an email from Kession apologising for any inconvenience caused by their email.

Clicking on the link in Kession Capital’s email now takes us to this page:



Leave a Reply