Issue 112 - March 2011 - Page 24
Post Express 'Incorrect Delivery Address' Malware Emails
Email purporting to be from "Post Express Support", claims that a package sent by the recipient has been returned because of incorrect delivery details. The email instructs the recipient to open an attached file to print out a mailing label.
The email is not from Post Express or any legitimate postal delivery service. The claim that a package has been returned is untrue. The attachment does not contain a mailing label as claimed. In fact, opening the attachment can install a trojan on the user's computer.
Detailed analysis and references below example.
Last updated: 9th February 2011
First published: 9th February 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Post Express Service. Your package delivered! NR6776
Your package has been returned to the Post Express office.
The reason of the return is "Incorrect delivery address of the package"
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.
Thank you for your attention.
Post Express Support
According to emails purporting to be from "Post Express Support", the recipient's package has been returned to the Post Express Office because delivery details were incorrect. The message instructs the recipient to open an attached file, supposedly in order to print out a mailing list that can be taken to the Post Express Office so that the package can be collected.
However, the email is certainly not from "Post Express" or any other legitimate package delivery service. And the claim that a package has been returned is nothing more than a ruse designed to trick recipients into opening the attached file. The attachment does not contain a mailing label as claimed in the message. Instead, opening the attached file can install a trojan on the user's computer. Once installed, the trojan
can send information to malicious servers and may download other malware.
The tactic used in this attack is nothing new. Criminals have used the returned or failed package delivery ruse a number of times in the past as a means of distributing malware. Another version that has been used and reused since at least 2008, claimed that a package being delivered by United Parcel Service (UPS)
had not been delivered due to addressing problems. In 2010, another very similar version claimed that the returned package had been sent by FedEx
. In both versions, an attachment to the emails that supposedly contained a mailing label, in fact carried dangerous malware.
The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern, even if they were not actually expecting a package delivery. This canny social engineering trick is likely to be repeatedly used and reused by criminals intent on distributing malware. Users should be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company is likely to send notice of a failed delivery via an unsolicited email with an attached mailing label file.
Outbreak: Post Express Service malware attack spammed out
Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email
Pages in this month's issue:
- Money Laundering Scam - Christchurch Earthquake Charity Support Job
- False Claim - Viral Video Shows 92 Year Old Ginger Rogers Dancing With Her Great Grandson
- Flu Remedy Myth - Onions Absorb Viruses and Bacteria From a Room
- False Claim - Onions are Magnets for Bacteria
- The Fly in the Urinal - Schiphol Airport Toilet Aim Improvement Technique
- Blackberry Award Advance Fee Scam
- Overblown Warning - Phone Numbers Now On Facebook
- UK Post Office Online Reward Program Phishing Scam
- Amber Alert Hoax - Mitsubishi Eclipse With Plate Number 98B351
- Hitman Payoff Scam Email
- Facebook 'See Who Viewed Your Profile' Scams - Rogue 'Stalker' Apps
- Analysis of a Hijacked Account Overpayment Scam - Boat and Trailer For Sale
- Tick Removal Advice - Liquid Soap Technique
- Does Rubbing Vicks VapourRub on Your Feet Relieve Coughing?
- Mike The Hacker Scam Emails
- DVLA Update Driver's Licence Phishing Scam
- Plea to Help Find Homes for 52 Thoroughbred Horses
- Prime Minister Howard - Muslims Out Of Australia
- Unsubstantiated Rumours Claim Michelle Obama is Pregnant
- AOL 'Billing Update Must be Performed' Phishing Scam
- Health Canada Warning - Over The Counter Drug Recall
- Do Not Call - Mobile Phones Going Public Hoax
- Facebook Grant Award Advance Fee Scam
- Post Express 'Incorrect Delivery Address' Malware Emails
- Adobe Acrobat Upgrade Phishing Scam Emails
- Mobile Phone Tips - Things You Never Knew Your Mobile Phone Could Do
- Telstra Bill Account Update Phishing Scam