Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 112 - March 2011 - Page 24

Post Express 'Incorrect Delivery Address' Malware Emails

Issue 112 Start Menu

Previous Article            Next Article

Email purporting to be from "Post Express Support", claims that a package sent by the recipient has been returned because of incorrect delivery details. The email instructs the recipient to open an attached file to print out a mailing label.

Brief Analysis
The email is not from Post Express or any legitimate postal delivery service. The claim that a package has been returned is untrue. The attachment does not contain a mailing label as claimed. In fact, opening the attachment can install a trojan on the user's computer.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 9th February 2011
First published: 9th February 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer

Subject: Post Express Service. Your package delivered! NR6776

Dear client

Your package has been returned to the Post Express office.
The reason of the return is "Incorrect delivery address of the package"

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for your attention.
Post Express Support

Detailed Analysis
According to emails purporting to be from "Post Express Support", the recipient's package has been returned to the Post Express Office because delivery details were incorrect. The message instructs the recipient to open an attached file, supposedly in order to print out a mailing list that can be taken to the Post Express Office so that the package can be collected.

However, the email is certainly not from "Post Express" or any other legitimate package delivery service. And the claim that a package has been returned is nothing more than a ruse designed to trick recipients into opening the attached file. The attachment does not contain a mailing label as claimed in the message. Instead, opening the attached file can install a trojan on the user's computer. Once installed, the trojan can send information to malicious servers and may download other malware.

The tactic used in this attack is nothing new. Criminals have used the returned or failed package delivery ruse a number of times in the past as a means of distributing malware. Another version that has been used and reused since at least 2008, claimed that a package being delivered by United Parcel Service (UPS) had not been delivered due to addressing problems. In 2010, another very similar version claimed that the returned package had been sent by FedEx. In both versions, an attachment to the emails that supposedly contained a mailing label, in fact carried dangerous malware.

The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern, even if they were not actually expecting a package delivery. This canny social engineering trick is likely to be repeatedly used and reused by criminals intent on distributing malware. Users should be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company is likely to send notice of a failed delivery via an unsolicited email with an attached mailing label file.

Bookmark and Share References
Outbreak: Post Express Service malware attack spammed out
Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email

Previous Article            Next Article

Issue 112 Start Menu

Pages in this month's issue:
  1. Money Laundering Scam - Christchurch Earthquake Charity Support Job
  2. False Claim - Viral Video Shows 92 Year Old Ginger Rogers Dancing With Her Great Grandson
  3. Flu Remedy Myth - Onions Absorb Viruses and Bacteria From a Room
  4. False Claim - Onions are Magnets for Bacteria
  5. The Fly in the Urinal - Schiphol Airport Toilet Aim Improvement Technique
  6. Blackberry Award Advance Fee Scam
  7. Overblown Warning - Phone Numbers Now On Facebook
  8. UK Post Office Online Reward Program Phishing Scam
  9. Amber Alert Hoax - Mitsubishi Eclipse With Plate Number 98B351
  10. Hitman Payoff Scam Email
  11. Facebook 'See Who Viewed Your Profile' Scams - Rogue 'Stalker' Apps
  12. Analysis of a Hijacked Account Overpayment Scam - Boat and Trailer For Sale
  13. Tick Removal Advice - Liquid Soap Technique
  14. Does Rubbing Vicks VapourRub on Your Feet Relieve Coughing?
  15. Mike The Hacker Scam Emails
  16. DVLA Update Driver's Licence Phishing Scam
  17. Plea to Help Find Homes for 52 Thoroughbred Horses
  18. Prime Minister Howard - Muslims Out Of Australia
  19. Unsubstantiated Rumours Claim Michelle Obama is Pregnant
  20. AOL 'Billing Update Must be Performed' Phishing Scam
  21. Health Canada Warning - Over The Counter Drug Recall
  22. Do Not Call - Mobile Phones Going Public Hoax
  23. Facebook Grant Award Advance Fee Scam
  24. Post Express 'Incorrect Delivery Address' Malware Emails
  25. Adobe Acrobat Upgrade Phishing Scam Emails
  26. Mobile Phone Tips - Things You Never Knew Your Mobile Phone Could Do
  27. Telstra Bill Account Update Phishing Scam