Phony emails from shippers abound

I always love getting packages in the mail. I think everyone does. So when a notice arrives in my email box that says I have a package to pick up, I get excited–but then I think better of it, and remember that carriers leave little slips on your front door, they don’t send you an email.

Earlier this month, there was a spam scam making the rounds, claiming to be a delivery notice for UPS. This week, a new one is circulating, this one claiming to be from DHL, with a subject line “DHL Tracking Number”. The message says that a delivery attempt has been made on a specific date, and then tells the recipient/victim to click on a link to print out a notice to retrieve the package. Similar scams have also circulated from spammers claiming to be FedEx.

Of course, when the user clicks, they download a malicious Trojan, known as Troj/Agent-JJP, which contains the file dhl_n756512.zip. The file creates a remote connection via port 80, and then the bad guys on the other end can fill the victim’s computer with more malware and adware.

The bogus invoice scam has been popular lately, and another variation (I’ve received many of these myself) creates an email that looks like it is from an airline, and attaches a file that the email claims is a boarding pass or airline ticket. When you buy an airline ticket online, you usually know when you’re going to get a confirmation email (and at least when I’ve bought airline tickets online, there has never been an attachment. The confirmation has always been in the body of the email itself). It’s tempting to click, especially if you regularly receive packages or buy airline tickets and believe that it may be legitimate. However, one must always be aware of unexpected attachments.