December 8, 2013

Fake delivery notices

Have you been receiving emails that look like shipping notifications, but you don't recall ordering any packages? Don't look now, but it could be a scam.
This holiday season, scammers are taking advantage of the increase in package deliveries at this time of year. By emailing fake shipping notifications that trick people into downloading a computer virus, they're hoping to snag some victims. With over 131 million online shoppers over Cyber Monday in 2013, many people will be expecting some type of delivery notice and will likely click on the malicious download. It only takes a few minutes with your guard down to fall prey to this phishing scheme.
 
FedEx delivery notice. Is it real or fake?
FedEx, one of the popular shipping companies, warns about a phishing scam masquerading as a FedEx delivery notification. According to SecureWorks, one FedEx phishing message in circulation infects a person's computer with the Gameover ZeuS banking Trojan once the recipient clicks on it. The Gameover ZeuS Trojan aims to steal sensitive information such as online banking credentials, and is harder to get rid of since its distribution is through peer-to-peer networks. According to some reporting, the fake notification looks very close to the real version, so it's hard to tell them apart.
 
FedEx is not the only company scammers are using for phishing shipping notifications. Reports indicate they are using other popular companies, such as Amazon, eBay, Wal-Mart, UPS, DHL, and Target. According to SecureWorks, other subject lines used by scammers are:
  • "You have a New encrypted message from your bank"
  • "USPS is notifying you that your package is available for pickup"
  • "You have received your payroll invoice"
  • "Your FED TAX payment was rejected"
  • "Advisors Online Documents Activated"
  • "Transaction notification from your bank"
  • "Docusign To all Employees - Confidential Message"
  • "INCOMING FAX REPORT"

Simple tips to not fall victim to this scam
  • Approach any email with caution, especially ones you were not expecting.
  • Don't click directly on links within the email. Go directly to the known, trusted website to verify shipping information.
  • Don't open email attachments. If you trust the source, scan the attachment prior to opening.
  • If you're concerned about a legitimate package, call the company directly and don't rely solely on email traffic.
 
References:
Ellyatt, H. (2 December 2013). It's Cyber Monday: Over 131 million expected to shop online. NBC News. Retrieved from http://www.nbcnews.com/business/its-cyber-monday-over-131-million-expected-shop-online-2D11674373 
 
FedEx. (2 December 2013). Holiday scams - beware. Retrieved from http://www.fedex.com/us/update2.html
 
Howard, C. (4 December 2013). Fake package tracking email may be malware. Clark Howard Rip-Off Alert. Retrieved from http://www.clarkhoward.com/news/clark-howard/technology/fake-package-tracking-notification-could-be-malwar/nb9mY/ 
 
Rubenking, N. (13 November 2013). Malware loves company: How malware evolution triggered a change in our testing. PC Magazine: Security Watch. Retrieved from http://securitywatch.pcmag.com/security-software/317629-malware-loves-company-how-malware-evolution-triggered-a-change-in-our-testing

SecureWorks. (2 December 2013). Fake order confirmations and delivery notices. Prosecurity Zone. Retrieved from http://www.prosecurityzone.com/News_Detail_Fake_order_confirmations_and_delivery_notices_21164.asp#axzz2moolUlPx
