“Undelivered package” scam emails still continue

Fake delivery notification scam emails have been around for years. As with all email scams, our advice is if you got an email that claims to come from a delivery company, think before you act. Because it could be a scam email that contains viruses, ransomware or phishing scam sites.

Seems like they have started to be on rise again recently, and Emsisoft are still receiving frequent reports of these spam emails arriving at customer’s email inboxes.

Examples of ‘package undeliverable’ scam emails

Here is an example of a fake package notification email that was sent, supposedly from DHL:

Dear Customer!

Your package has been returned to the DHL office.
The reason of the return is – Incorrect delivery address of the package!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the DHL office in order to receive the packages.

Thank you!
DHL

…or this one from FedEx:

FedEx Reminder – Invoice XXX

Dear Customer!

Please refer to your last parcel invoice copy attached.

Thanks a lot,
FedEx.

…and here’s one from the “Post Express Service”:


Post Express Service. Get the parcel XXX

Dear Customer.

Your package has been returned to the Post Express office.
The reason of the return is “Incorrect delivery address of the package”

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for your attention.
Post Express Service.

and just for good measure:

Post Express! Get the parcel XXX

This is a post notification

Email notification ID:xxxxxxxx

Your package has been returned to the Post Express office.

The reason of the return is “Error in the delivery address”

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for attention.
Post Express Support

Alternatively, the email could be just contain an image like this one from UPS:

United Parcel Service notification #XXX

Dear customer,

The parcel was sent to your home address.
And it will arrive within 3 business days.

More information and the tracking number are attached in document below.

Thank you.
United Parcel Service

This is just a small selection of examples. But it’s important to remember that the sophistication of

When opening the attachments, Emsisoft Anti-Malware detects the attachment as malicious (in the above examples, they were trojans such as  Oficla, Zeus/Zbot, or SpyEye). But there are many other examples of malware campaigns that use this type of scam to trick customers, particularly if there happen to have ordered something recently.

What happens when opening a ‘undelivered package’ scam email

There’s no doubt, this social engineering technique is still effective to lure users to open attachments or click on the malicious links. In the email scam example below, when a user executes the attachment, the contained malware will download fake “shipping documents” from the following address, and then open it automatically:

  • hxxp://mialedot.ru/3SEag1rs5f/document.doc

If you receive a suspicious email like this, please do not click the attachment or the links in the email. You should contact the shipping company’s respective fraud site (see below), or just forward the email to us for analysis.

DHL: http://www.dhl.com/en/express/resource_center/fraud_alert.html
FedEx: http://fedex.com/us/security/prevent-fraud/index.html
UPS: http://www.ups.com/content/us/en/resources/ship/fraud.html

Your best protection against scam emails? Awareness.

These types of package undeliverable’ email phishing scams are becoming increasingly sophisticated, and are often hard to distinguish from an actual email from those same shipping companies. While it’s highly recommended to have a reliable anti-malware solution installed, the best protection against phishing scams like these is to be able to identify one ealy and simply delete it.


ESSENTIAL READING:

Never fall for a phishing scam again. Read Emsisoft’s Guide on Phishing Scams and how to prevent them