Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Jump To: Example    Detailed Analysis   Comments   References

Costco, Walmart, Best Buy 'Delivery Problem' Emails Point to Malware


Emails purporting to be from Costco, Walmart or Best Buy claim that the delivery of an order has been cancelled due to an addressing problem.  Recipients are instructed to click a link and complete a form to organize delivery of the order.

Facebook phising
© maxkabakov

Brief Analysis

The emails are not from Costco, Walmart or Best Buy and the supposed delivery problem is a ruse designed to trick recipients into clicking a link. Links in the fake emails go to a compromised website that harbours malware.


Subject: Expedited Delivery Problem

Unfortunately the delivery of your order COS-0072956002 was cancelled since the specified address of the recipient was not correct. You are recommended to complete this form and send it back with your reply to us.

Please do this within the period of one week - if we dont get your timely reply you will be paid your money back less 21% since your order was booked for Christmas.

Costco Delivery Problem Malware Email

Subject: Scheduled Home Delivery Problem


Your order WM-007789536 delivery has failed because the address was not specified correctly. You are advised to fill this form and send it back to us. 

If your reply is not received within one week, you will be paid your money back but 17% will be deducted since you order was booked for Christmas holidays.

Walmart malware email

Detailed Analysis

According to these emails, which purport to be from retailers Costco, Walmart and Best Buy, the delivery of an order was cancelled because the specified delivery address was incorrect. The emails recommend that recipients click a link to complete a form so that delivery of the order can be expedited.

However, the emails are not from Costco, Walmart or Best Buy and the claims that a delivery has been cancelled are untrue. In fact, the messages are a criminal ruse designed to trick recipients into installing malware.

Those who click the link as instructed will be taken to a website that has been taken over by criminals for the purpose of delivering a malicious payload. Once on one of the compromised sites, users will be prompted to download a .zip file.

A malicious .exe file is hidden inside this .zip.  If opened, the .exe file can install a variant of the Kuluoz trojan on the user's computer. The trojan can steal passwords from the infected computer and relay them back to the criminals. It may also download and install further malware components.

Over the Christmas period, many more people than usual will have placed orders with the retailers targeted in the scam emails. The criminals have capitalized on this Christmas rush.

However, similar "package delivery failure" malware campaigns operate continually throughout the year. Many of the malware emails use the names of well known delivery companies such as FedEx, UPS and USPS.

Be very cautious of any unsolicited message that claims that the delivery of a package has been delayed or cancelled. If you receive such an email, do not click on any links or open any attachments that it contains. 

Last updated: January 3, 2014
First published: December 28, 2013
By Brett M. Christensen
About Hoax-Slayer

Holiday Delivery Failures lead to Kuluoz malware
FedEx Incorrect Delivery Address Malware Email
Not Able to Deliver UPS Package Malware Email
USPS Malware Emails