Unfortunately the delivery of your order COS-0072956002 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.
Please do this within the period of one week - if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.
The emails recommend that recipients click a link to complete a form so that delivery of the order can be expedited.
However, the emails are not from Costco, Walmart or Best Buy and the claims that a delivery has been cancelled are untrue. In fact, the messages are a criminal ruse designed to trick recipients into installing malware.
Those who click the link as instructed will be taken to a website that has been taken over by criminals for the purpose of delivering a malicious payload. Once on one of the compromised sites, users will be prompted to download a .zip file.
A malicious .exe file is hidden inside this .zip. If opened, the .exe file can install a variant of the Kuluoz trojan on the user's computer. The trojan can steal passwords from the infected computer and relay them back to the criminals. It may also download and install further malware components.
Over the Christmas period, many more people than usual will have placed orders with the retailers targeted in the scam emails. The criminals have capitalized on this Christmas rush.
However, similar "package delivery failure" malware campaigns operate continually throughout the year. Many of the malware emails use the names of well known delivery companies such as FedEx, UPS and USPS.
Be very cautious of any unsolicited message that claims that the delivery of a package has been delayed or cancelled. If you receive such an email, do not click on any links or open any attachments that it contains.
Last updated: January 3, 2014