Again, we would like to remind you. If you got an email that said come from the delivery company, please do not immediately to believe it. Because it could be a fake email that contains a virus.

Seems like they have started to rise again, since we are still receiving many reports of these spam emails within these days.

Here are some examples of spam email that was sent:

Dear Customer!

Your package has been returned to the DHL office.
The reason of the return is – Incorrect delivery address of the package!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the DHL office in order to receive the packages.

Thank you!
DHL

or like this:

FedEx Reminder – Invoice XXX

Dear Customer!

Please refer to your last parcel invoice copy attached.

Thanks a lot,
FedEx.

And here’s the “Post Express Service”:

Post Express Service. Get the parcel XXX

Dear Customer.

Your package has been returned to the Post Express office.
The reason of the return is “Incorrect delivery address of the package”

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for your attention.
Post Express Service.

or:

Post Express! Get the parcel XXX

This is a post notification

Email notification ID:xxxxxxxx

Your package has been returned to the Post Express office.

The reason of the return is “Error in the delivery address”

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you for attention.
Post Express Support

The email could be just contains an image like this one:

United Parcel Service notification #XXX

Dear customer,

The parcel was sent to your home address.
And it will arrive within 3 business days.

More information and the tracking number are attached in document below.

Thank you.
United Parcel Service

And still many more, because they send the email in various format.

From each attachments, Emsisoft Anti-Malware detects the attachment as a trojan Oficla, Zeus/Zbot, or SpyEye.

There’s no doubt, this social engineering technique is still effective to lure users to open attachments or click on the malicious links. On the recent sample that we got, when user executes the attachment, this malware will download a fake “shipping documents” from the following address, and then open it automatically:

• hxxp://mialedot.ru/3SEag1rs5f/document.doc

If you receive a suspicious email like this, please do not click the attachment, or the given links. You could contact the appropriate company to make sure, or just forward the email to us to be analyzed.

More information:

DHL - http://www.dhl.com/en/express/resource_center/fraud_alert.html
FedEx - http://fedex.com/us/security/prevent-fraud/index.html
UPS - http://www.ups.com/content/us/en/resources/ship/fraud.html

Join Emsisoft Facebook page, and don’t forget to follow our Twitter to keep you stay update.

Tags: DHL, FedEx, Oficla, Post Express Service, spam, SpyEye, Trojan, Undelivered Package, UPS, Zbot, Zeus

This entry was posted on Saturday, February 19th, 2011 at 10:14 and is filed under Emsisoft Lab. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.