E-mail Scam Targets USPS
In a recent online scam, an unknown sender has been attempting to instigate recipients into clicking a link that downloads a malicious zip file, as reported by topix on January 9, 2010.
The signature USPS contained in the e-mail is not legitimate as it does not indicate either the United States Postal Service or the United Parcel Service of America Inc.; thus indicating that it is neither the US Post Office nor UPS.
The message content of the e-mail denotes that the sender is unable to deliver the postal package due to the erroneous recipient's address. As such, the recipient of the e-mail is required to print out the shipment label and take down their package from the office.
The e-mail however ends on a very formal note where the recipient is paid gratitude on behalf of USPS United Parcel Service of America, Inc.
The zip file attached in the e-mail leads the recipient to malware infection.
However, these types of malware-ridden campaigns have led to an increase in malware over the Internet.
Users are recommended to delete any fake USPS delivery notifications from their inbox immediately after receiving it. Users are also required to extra alert while dealing with attachments, even if the message appears to be from an authentic source like USPS. Online services like Virus Total can be employed towards scanning the files and ensuring their security.
For maintaining extra consciousness and be on the safer side, all e-mail notifications from the package delivery services are required to be verified over the phone, with those companies that act as the senders and confirm their authenticity.
The USPS holds is affirmative about finding out the master mind behind such a scam and prevent them from doing the same.
Conclusively, it is not the first time that USPS has been hit by email scam. In December 2011, security firm Sophos spotted a similar email scam that targeted USPS and fake emails stating that email recipient's parcel has arrived at the post office on November 23, 2011 and USPS's driver failed to deliver the parcel to the recipient's address were launched.
However, it is not the first occasion of USPS being hit badly by e-mail scam. Security firm, Sophos indicated a similar scam victimizing USPS, by which e-mails claiming to have undelivered parcel at the post office on November 23, 2011 were required to be collected. The simple reason behind the failure seems to be failure of the USPS's driver to fail the deliver of the parcel to the address were launched.
Related article: E-Crime Reporting Format To Be Launched in July
» SPAMfighter News - 17-01-2012