© Depositphotos.com/ robeo123
Subject: Attention: Lost or Missing Package
Mail – Lost / Missing package – UK Customs and Border Protection
Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.
Please fulfil the documents attached.
However, the email is not from UK Customs and Border Protection or the Royal Mail and the claim that a package has been detained is untrue. And the attached file contains something significantly more sinister than information about a missing package.
The attached ZIP contains a .exe file that has a name designed to make people think it is an innocuous .pdf. Clicking the .exe file will install the malware on the user's computer.
Once installed, the malware can modify the Windows registry, change firewall policies, configure itself to run when the computer boots, and harvest information from the infected computer.
Some versions of the malware email may have slightly different wording and carry different variants of the trojan. A similar malware campaign in 2012 also used bogus emails claiming to be from the Royal Mail. And, in similar malware attacks over several years, online criminals have used the names of several other high-profile delivery services, including UPS, FedEx, DHL, and Australia Post.
Last updated: December 6, 2013
Newer version of fake email from Royal Mail regarding detained package
Fake email from Royal Mail regarding detained package contains trojan
Royal Mail "Group Shipment Advisory" Malware Emails
Not Able to Deliver UPS Package Malware Email
FedEx Incorrect Delivery Address Malware Email
DHL Notification Malware Email
Australia Post Undelivered Package Malware Emails