Mystery of William Wilke Morrisons emails solved

Who is William Wilke? That’s the question many Morrisons customers have been asking, after receiving an email for signing up to an online shopping account.

This was a legitimate automated welcome email. The grocery giant said that “an unknown third party” had “acquired” email addresses from the web to register the accounts. It deleted the fraudulently created accounts and confirmed that “there is no other associated information relating to it”, such as names, card details and addresses.

“There is no impact on you as the owner of the email address used, and you do not need to take any further action,” Morrisons added. It declined to reveal how many individuals were affected.

GlobalData technology writer Rob Scammell said: “The email addresses were likely part of a list of email addresses compromised during a previous data breach with another company. Email addresses, along with other personal details, are often compiled into large databases traded by scammers online for the purpose of carrying out new attacks.”

“As these are in the open anyone can scrape them and use them as a target list for different purposes. Spam, phishing or, in this case, what seems to be a smear campaign towards Morrisons,” commented principal security consultant at Finnish cybersecurity firm F-Secure Tom Van de Wiele.

“The attacker probably automated the sign-up process, saw that it sent an email without the need for a CAPTCHA [the human verification process], and seeded it with the target list, resulting in people complaining and pointing their pitchforks at Morrisons.”