Please note that the email that appears to be sent by USPS informing that due to incorrect address the firm has failed to deliver a parcel to the recipient is actually a malicious message.
If you click on the “Shipping Label” web link present in that email, it will instantly download and install a malware on your PC.
An email that seems to be sent by the United States Postal Service/USPS claims that the recipient’s package was not delivered because of incorrect postal address. The email also instructs the recipient to print off a shipping label by clicking on a button and then take the label to any nearby USPS office so that the mistake gets rectified.
However, this email hasn’t been sent by USPS and the claim made in this email regarding a failed delivery is also untrue.
This email actually is another attempt of cybercriminals for deceiving users and getting an information/data stealing Trojan downloaded and installed on the user’s computer.
The URL in that fake email redirects to an infected website that when visited automatically downloads the malicious payload to the victim’s PC.
In case the victim runs the download.exe file, the Trojan instantly gets installed.
Example Email:
Generally, when installed these Trojans look for sensitive personal data from the infected computer and pass it on to the attackers who remain connected to the infected computer via remote servers. These Trojans may also download additional malicious software.
This time, cybercriminals have tried their best to make the email appear legit as it includes a genuine USPS logo, delivery barcode and shipping code.
The email is delivered as a clickable image file so that wherever the user clicks, the email redirects to the infected website containing the malware.
Hoax-Slayer
