Beware of Malware in Fake Delivery Notifications

December 19, 2016 | SHARE >

Online shopping is a great way for those who prefer to skip the lines and mall traffic. We can easily get gifts from our smartphones and computers from home. While it’s a great convenience for shoppers, it’s great opportunity for hackers too. They are constantly looking for new ways to get into our data, and now they’re preying on our need for updated tracking. A report from USA Today warns us about the very popular holiday malware scam using shipping notifications.

Common subject lines that have been linked to malware:

*We could not deliver your parcel, #00556030

*Please Confirm Your DHL Shipment

*Problems with item delivery, n.000834069

*Delivery Receipt | Confirm Awb no:XXX830169

*Your order is ready to be delivered

*Courier was unable to deliver the parcel, ID00990381

*Your DHL is here please download attachment to view detail and confirmation of your address

Some contain malware that invades your computer and either allows it to be used by a botnet or attempts to find and extract personal information about you that could be sold, or login information for your financial accounts.

The most damaging can contain ransomware. This is software that allows criminals to remotely lock up your computer. They then send a message demanding payment in untraceable digital currency such as Bitcoin.

These campaigns can be enormous. IBM’s X-Force security team began tracking a massive spam campaign on Nov. 21 that flooded millions of inboxes with fake delivery notifications carrying the subject line “Your order has dispatched.”

Instead of a package update, they carried a malicious zip attachment that downloaded the Locky ransomware program. At its peak, the campaign involved 44% of all incoming spam emails to IBM’s decoy accounts designed to gather information about potential threats.

UPS has provided a list of warning signs to watch out for:

  • Design Flaws: An e-mail containing distorted or irregularly sized logos
  • Poor Grammar: Grammatical errors and excessive use of exclamation points
  • Misspellings: Incorrectly spelled words or links to altered websites (For example, modifications or variations of the legitimate website address, such as Note: UPS sends legitimate e-mail from several URLs, including and
  • Sense of Urgency: Alarming messages requesting immediate action, such as “Your account will be suspended within 24 hours.” or “Contact us immediately to claim your parcel or prize.”
  • Unexpected Requests: A request attempting to obtain money, financial information (e.g. bank account or payment card numbers), or personal information in exchange for the delivery of a package or other article
  • Communication Gaps: An e-mail that does not provide an alternative method for communicating the requested information (i.e. telephone, mail, or physical locations)
  • Deceptive Link: A link contained within an e-mail that appears to direct your browser to a known, safe site but actually directs your browser to another location, potentially to an unsafe or fraudulent site. You can detect this by hovering over the link with your cursor. This causes the actual destination of the link to display in a pop-up, the lower left of your status bar, or other location depending on your e-mail client. It is suspicious if the actual destination does not match the address in the link. Also be suspicious of links containing numbers in place of letters, abbreviations, and slight misspellings in the link.

While security firms and consumer watchdog agencies are aware of these threats, there is only so much they can do to prevent them. Every time they figure out how to address a particular bit of ransomware or phishing code, the hackers make a modification and start attacking again. It is up to the shoppers to be that last line of defense against a cybersecurity attack. Be aware of what you’re clicking and opening (Think before you click). If you think you’ve become a victim of ransomware, contact Computer Gurus immediately. We can help you backup your data, remove the malware, and keep your computers running.

Recent Blog Posts

  • blog-img

    Dangers of NOT Upgrading Windows 7 & Server 2008

  • blog-img

    Debunking Security Myths

    As technology continues to change and advance, keeping up with cybersecurity best...
  • blog-img

    Data Breach: 763 million unique email address exposed

    What data was compromised:Dates of birth, Email addresses, Employers, Genders,...
Call Now Button