Beware of Malware in Fake Delivery Notifications
Online shopping is a great way for those who prefer to skip the lines and mall traffic. We can easily get gifts from our smartphones and computers from home. While it’s a great convenience for shoppers, it’s great opportunity for hackers too. They are constantly looking for new ways to get into our data, and now they’re preying on our need for updated tracking. A report from USA Today warns us about the very popular holiday malware scam using shipping notifications.
Common subject lines that have been linked to malware:
*We could not deliver your parcel, #00556030
*Please Confirm Your DHL Shipment
*Problems with item delivery, n.000834069
*Delivery Receipt | Confirm Awb no:XXX830169
*Your order is ready to be delivered
*Courier was unable to deliver the parcel, ID00990381
*Your DHL is here please download attachment to view detail and confirmation of your address
Some contain malware that invades your computer and either allows it to be used by a botnet or attempts to find and extract personal information about you that could be sold, or login information for your financial accounts.
The most damaging can contain ransomware. This is software that allows criminals to remotely lock up your computer. They then send a message demanding payment in untraceable digital currency such as Bitcoin.
These campaigns can be enormous. IBM’s X-Force security team began tracking a massive spam campaign on Nov. 21 that flooded millions of inboxes with fake delivery notifications carrying the subject line “Your Amazon.com order has dispatched.”
Instead of a package update, they carried a malicious zip attachment that downloaded the Locky ransomware program. At its peak, the campaign involved 44% of all incoming spam emails to IBM’s decoy accounts designed to gather information about potential threats.
UPS has provided a list of warning signs to watch out for:
- Design Flaws: An e-mail containing distorted or irregularly sized logos
- Poor Grammar: Grammatical errors and excessive use of exclamation points
- Misspellings: Incorrectly spelled words or links to altered websites (For example, modifications or variations of the legitimate www.ups.com website address, such as www.unitedparcelservices.com.) Note: UPS sends legitimate e-mail from several URLs, including ups.com and upsemail.com.
- Sense of Urgency: Alarming messages requesting immediate action, such as “Your account will be suspended within 24 hours.” or “Contact us immediately to claim your parcel or prize.”
- Unexpected Requests: A request attempting to obtain money, financial information (e.g. bank account or payment card numbers), or personal information in exchange for the delivery of a package or other article
- Communication Gaps: An e-mail that does not provide an alternative method for communicating the requested information (i.e. telephone, mail, or physical locations)
- Deceptive Link: A link contained within an e-mail that appears to direct your browser to a known, safe site but actually directs your browser to another location, potentially to an unsafe or fraudulent site. You can detect this by hovering over the link with your cursor. This causes the actual destination of the link to display in a pop-up, the lower left of your status bar, or other location depending on your e-mail client. It is suspicious if the actual destination does not match the address in the link. Also be suspicious of links containing numbers in place of letters, abbreviations, and slight misspellings in the link.
While security firms and consumer watchdog agencies are aware of these threats, there is only so much they can do to prevent them. Every time they figure out how to address a particular bit of ransomware or phishing code, the hackers make a modification and start attacking again. It is up to the shoppers to be that last line of defense against a cybersecurity attack. Be aware of what you’re clicking and opening (Think before you click). If you think you’ve become a victim of ransomware, contact Computer Gurus immediately. We can help you backup your data, remove the malware, and keep your computers running.