Not even mail coming from the president himself should raise your interest

Oct 19, 2011 09:48 GMT

After noticing that sending fake emails in the name of UPS or FedEx no longer works, hackers came up with the idea of using fake Royal Mail messages to spread their malware.

Graham Cluley picked up on a bunch of emails pretending to come from the delivery company, stating things such as “Error in the delivery address NoXXXX”, “You should come to the Royal Mail office and receive a package”, “Track your shipment NoXXXX”, “Cancellation of the package delivery” and many more ludicrous things.

The victim is then informed that there's something wrong with the package and is pointed to the attachment for further details on the problem.

“A courier did not deliver the package to your address. Reason: The package is too large. Information about your package is attached to the letter. Read all information carefully and come to the "Royal Mail" office to receive your package,” reads the message provided by Mr. Cluley.

Once the attachment is opened, you end up with a couple of pieces of malware identified as Mal/BredoZp-B and Mal/EnckPK-AAT.

The first malicious element is actually the same as the one we've recently seen in the YesAsia scheme.

A clever thing about this email is that it comes from a spoofed address that actually seems to belong to the genuine Royal Mail service.

The conclusion we can draw from this latest attempt is that no matter where a message comes from, it can always contain some malevolent software that finally ends up with your information or even your bank account.

Make sure not to trust anything received via email, not even if it looks to be sent by a company you know and trust. Zip attachments are always a great hint for identifying virus-containing messages, but a good anti-virus can surely keep you safe.