Archive for the “Package Scams” Category

So far this fall, UD has seen plenty of phishing scams, but not a lot of new ones. We’re using Black Friday to remind you about some of the common shopping and shipping scams you might see during the holiday gift-shopping season and giving you some resources to help you tell which email is fraudulent and which is authentic.

If it looks too good to be true, it probably is a scam.

Have you seen email making an outrageous claim (“Click here to get a new iPad for 69 cents!”)? Sometimes email like that carries malware that will infect your computer, perhaps to gather information about your Web browsing, perhaps to take control of your computer and make it part of a botnet. Sometimes, it will lead to a series of questionnaires or Web sites designed to harvest your personal information.

See an offer that sounds too good to be true? Delete it.

Holiday shopping means holiday eBay scams.

During the holiday bargain hunt, some people fall for a variety of eBay scams. Consult eBay’s Security Center for official information about avoiding fraud on eBay.

One of the best user-published guides to eBay scams has been published by the merchant Pennant Palooza. This guide offers information about fake second chance offers, phishing and other email scams, hijacked accounts, and other eBay-related frauds. Here is one excerpt describing a new form of eBay fraud:

The scammer will create a fake eBay page making it look like an auction listing. Then the scammer will send real email through eBay asking [a] seller if the item he has for sale is similar to “this one.” The seller is directed to the fake page where he has to sign in. When [the seller] signs [in to] the fake eBay auction, the scammer will have the seller’s ID and password. Answering buyers’ questions will increase sales, but you have to be very careful and question all emails.

Package scams

Last year, we published some sample package delivery scams. This year’s holiday shopping season will include even more of these scams. Rather than post more samples, this year we’re posting links to the fraud protection pages at major shipping companies:

You can see more information about malware and viruses contained in fraudulent package delivery notices at the Web site.

Not sure whether a message is authentic or fraudulent?

  • Review the information linked from this site for samples and tips.
  • Check with your department’s IT professional for assistance.
  • Contact the IT Help Center.

Comments Comments Off

Like the DHL scam mentioned yesterday, this is technically not phishing, but email with malware attached; the purpose of the malware is to steal your personal information.

Remember, the safest thing to do to check on a package delivery is to go to the vendor’s legitimate Web site and check the status there. With this FedEx scam, most of us at UD will find the infected attachment blocked from our email, as shown below.

From: 	FedEx Customer Service 
Subject: 	Error in the delivery address No67072540
Date: 	October 28, 2011 10:02:22 AM EDT

WARNING!!! (from

The following message attachments were flagged by the antivirus scanner:

Attachment [2.2], virus infected: Mal/EncPk-AAT,Troj/BredoZp-GH.  
Action taken: deleted

Dear customer,

Your parcel has arrived at the post office on October 14.
Our Driver was unable to deliver the parcel to your address.
Please print out the invoice copy attached and collect the package at our office.

Thank you,
FedEx Global Mail.

VIRUS WARNING Message (from

The virus Mal/EncPk-AAT,Troj/BredoZp-GH was detected in email attachment [2.2]  The infected attachment has been deleted.

Just delete it.

Comments Comments Off

Technically, this one’s not a “phishing scam,” but spam with malware–but it has the same effect.

Help Net Security reports that spam has resurfaced looking like legitimate email about an international package. From Help Net Security’s description:

They spoofed the sender information, making it look like the email was sent from” “DHL Express International Support “, and the subject line says that it’s a “DHL Express Notification for shipment for 26 Oct 2011,” says MX Lab.

Apart from the usual (legitimate) information about the company, the email contains a request not to reply to the email as it is used by an automated application and an invite to open the attached file for more details about the shipment:

When unzipped, the attached file revels an executable – DHL-Delivery-Notification-Message-102611.exe.

Red flag should go up once you see that the name of the attached “notification” message ends in .exe. Download apps from trusted Web sites–e.g., from the DHL corporate Web site–not from email. Just delete it.

The complete article is online at

Comments Comments Off

There are variations on this scam that we can expect to see more and more as holiday package season arrives. In this version, that landed in UD email on 10/17/11, there were no links to click on to harvest information, instead, an attached “postal label” carried malware that could infect the recipient’s computer.

From: USPS Service [] 
Sent: Monday, October 17, 2011 10:57 AM
To: [ address redacted]
Subject: Track your parcel ID958
Good afternoon. 

Your parcel has arrived at the post office on October 6. 
Our Driver was unable to deliver the parcel to your address.
To receive a parcel you must go to the nearest USPS office and show your postal label.
Label is attached to this letter.

Thank you for your attention.
USPS Customer Services.

Different versions of this scam will arrive on campus all during the holiday season, some allegedly from USPS, some allegedly from DHL, some allegedly from FedEx, and so on.

Our advice
: If you receive a notice that appears to be from a package service, open a browser and go to that package service’s Web site manually to search for information about a package.

Comments Comments Off