Hackers are sending emails purporting to be from the MoneyExpert.com website but addressed to usernames of MoneySavingExpert.com forumites.

The messages contain a virus known as a 'trojan' but it is only a threat if you open the email, click on the link and then download the malicious software.

This incident re-enforces the must-touted advice that if you receive any suspicious emails, whether as a result of this incident or any other, do not open them or click any attachments.

We would also urge everyone to ensure they have updated anti-virus software installed on their computer (see the Free Anti-Virus software guide).

The emails have nothing to do with ourselves, MoneyExpert.com or financial information site Defaqto, which is mentioned in this malicious spam.

What does the dodgy email look like?

Below is the text contained in many of the spam emails that have been reported.

We have no idea yet how many people have got it, though we believe it is ONLY being sent to members of our forum. Those who just view the forum, use the site, or are on the weekly email list aren't affected, as far as we know.

In most cases the email will harmlessly go into your spam or junk folder, but if not, this is the current message to look out for.

MoneyExpert: News-Tool.
At MoneyExpert, we believe it's only fair that you can compare products from the whole of the marketplace. After all, it's the only way to be sure you're not missing that perfect deal. That's why we insist on being independent, which means we're never biased towards any particular company. We provide details on every product from all of the major providers in the market. We partner with Defaqto, the people who deliver product data to the FSA, to ensure that our tables are accurate and complete. You can find out more about Defaqto at www.defaqto.com.
Download "MoneyExpert News-Tool":
[link removed]
MoneyExpert is VAT registered. Our VAT registration number is 825281335.

It's important to remember that there are only a few types of emails sent by MoneySavingExpert.com. These are:

  • The weekly money tips email (and very rare 'one-offs' about big MoneySaving changes such as the bank charges court verdict).
  • Confirmation emails or auto-replies after you opt to get the weekly email, join the forum or email certain MSE addresses first.
  • Notifications about events in the forum (eg, subscriptions to threads, received PMs) - but only if you have opted to receive them.
  • Replies from MSE team members when you have emailed them first (eg, from the abuse team when you have emailed abuse@moneysavingexpert.com).
  • Anything else will be spam.

What is a 'trojan' virus?

It is malicious software that purports to be useful to the user but runs or installs something harmful.

In this case, it appears the virus leads to users having pop-ups directing them to online stores, though this is still subject to investigation.

What are the chances of infection?

As already mentioned, the mails will often end up unnoticed in junk folders.

But even if you can spot the email, you are still three steps away from activating the virus.

You would first have to open the email, then click on the link, then run the malicious software. Even then, a good anti-virus programme should block it (read about Free Anti-Virus software).

If you unwittingly download the virus, ensure you run some anti-virus software to remove it.

As hackers have users' email addresses you may get dodgy emails in future, though they will be no different to those we all receive purporting to be from our bank or other institution.

How has this happened?

It appears the emails are the result of a breach of our forum security.

We have been investigating the problem since first uncovered yesterday and we have reported it to the police.

We have found no evidence of a recent hack so it is most likely email addresses were stolen during an attempt in November last year (see the Hackers target web users MSE News story) though we will continue to investigate.

There have been some reports of users who joined the forum after 2010 getting the email, but that is still to be verified.

If you have joined since and received the email, please contact us at forumteam@moneysavingexpert.com with your forum username so we can investigate or vote in our poll to determine whether this is only affecting older users or not.

MoneySavingExpert.com, like all major websites, is subject to unsuccessful attempted hacks virtually every minute, and we have hired external security consultants to fend off these criminals.

What other information could hackers have stolen?

Other than email addresses, we don't hold any personal information on individuals so a successful hacker would have limited data to steal.

It is unlikely hackers have got hold of forum passwords – they are encrypted and even we can't see them – but it is nevertheless a timely reminder to ensure you use different passwords for online banking and other sensitive sites to those used on social networking.

If you do use both the same email and password for your MSE forum account and your bank, while it is extremely unlikely you'll be hacked, as a safety precaution we would suggest you change your passwords to be safe.

What are we doing about it?

MoneySavingExpert.com webmaster Brendan Perrett says: "There are attempts to penetrate the security of MSE every few seconds, 24 hours a day.

"We have been doing our best to keep things secure but there's always a chance, for any site on the web, that hackers might get through.

"We've found no evidence of any new breach in our security but the evidence is that at least some data has got out so we'll keep investigating and continue to do what we can to lock down unauthorised access to our site.

"We are sending a message to all our forum members (via the forum, not via email) to inform them, tell them what it means and what to look out for."

MoneySavingExpert.com creator Martin Lewis, adds: "It looks like we've been hacked, whether recently or in the past and I want to I apologise wholeheartedly. It's not for want of trying, we know we get attacked on a regular basis and have invested in trying to protect our users.

"We've been through security improvements over the last year including bringing in outside consultants to check for flaws and advise. Yet this unfortunately reflects the murkier side of the internet – where determined hackers can and do find holes, whether in the MSE forums, Nasa, the navy or banks.

"The forum is run using a 3rd party software called Vbulletin, and we rely on its protection to look after the files.

"An upgrade to that is available and it is on our list, but it is a massive exercise of many months to rebuild all the features we've added (many on users' request) and isn't something that can happen quickly.

"Thankfully, we don't hold any personal data on individuals, barring email addresses. That is and always has been a deliberate policy because I don't want us to data mine individuals and it means in the event something like this happens the worst that can happen, we hope is inconvenience.

"We have reported this to the police and of course the technical team are focused on trying to find out what happened and if any holes in our security remain. Apologies again for any inconvenience."

Further reading Key links

Computer protection: Free Anti-Virus