Costco, Walmart, Best Buy 'Delivery Problem' Emails Point to Malware
Outline
Emails purporting to be from Costco, Walmart or Best Buy claim that the delivery of an order has been cancelled due to an addressing problem. Recipients are instructed to click a link and complete a form to organize delivery of the order.
Brief Analysis
The emails are not from Costco, Walmart or Best Buy and the supposed delivery problem is a ruse designed to trick recipients into clicking a link. Links in the fake emails go to a compromised website that harbours malware.
Unfortunately the delivery of your order COS-0072956002 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.
Please do this within the period of one week - if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.
Your order WM-007789536 delivery has failed because the address was not specified correctly. You are advised to fill this form and send it back to us.
If your reply is not received within one week, you will be paid your money back but 17% will be deducted since you order was booked for Christmas holidays.
According to these emails, which purport to be from retailers Costco, Walmart and Best Buy, the delivery of an order was cancelled because the specified delivery address was incorrect. The emails recommend that recipients click a link to complete a form so that delivery of the order can be expedited.
However, the emails are not from Costco, Walmart or Best Buy and the claims that a delivery has been cancelled are untrue. In fact, the messages are a criminal ruse designed to trick recipients into installing malware.
Those who click the link as instructed will be taken to a website that has been taken over by criminals for the purpose of delivering a malicious payload. Once on one of the compromised sites, users will be prompted to download a .zip file.
A malicious .exe file is hidden inside this .zip. If opened, the .exe file can install a variant of the Kuluoz trojan on the user's computer. The trojan can steal passwords from the infected computer and relay them back to the criminals. It may also download and install further malware components.
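The check below is an added example, not code from the original article: it lists the members of a downloaded .zip that would execute if opened, either by extension (including double extensions such as .pdf.exe) or by a Windows executable header behind an innocuous name. The file names, sample archive and extension list are constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def suspicious_members(zip_bytes):
    """Return (name, reason) pairs for archive members that would run if opened."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Windows ignores trailing dots and spaces, so strip them first.
            lower = name.lower().rstrip(". ")
            ext = "." + lower.rsplit(".", 1)[-1] if "." in lower else ""
            with archive.open(info) as member:
                magic = member.read(2)
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif magic == b"MZ":
                # "MZ" opens every Windows PE file, whatever the name claims.
                findings.append((name, "PE header behind non-executable name"))
    return findings


def build_sample_zip():
    """Constructed sample archive: placeholder bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Order_Form.pdf.exe", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"Please complete the attached form.")
        archive.writestr("invoice.doc", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in suspicious_members(build_sample_zip()):
        print(f"{name}: {reason}")
```

A mail or web gateway can apply the same test to quarantine archives before they reach users, since a genuine order form has no reason to contain an executable.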
Over the Christmas period, many more people than usual will have placed orders with the retailers targeted in the scam emails. The criminals have capitalized on this Christmas rush.
However, similar "package delivery failure" malware campaigns operate continually throughout the year. Many of the malware emails use the names of well-known delivery companies such as FedEx, UPS and USPS.
Be very cautious of any unsolicited message that claims that the delivery of a package has been delayed or cancelled. If you receive such an email, do not click on any links or open any attachments that it contains.
Last updated: January 3, 2014
First published: December 28, 2013
By Brett M. Christensen