Just earlier this week, I warned about a malware attack that had been widely spammed out posing as a message from DHL Express International.
The trick, which is an old one, goes like this.
Cybercriminals spam out an email, with forged header information, tricking you into believing that it is from a shipping company like DHL or FedEx.
The email tells you that they tried to deliver a package to you, but failed for some reason. Sometimes the emails claim to be notifications of a shipment you have made.
Either way, you can't resist being curious as to what the email is referring to - and open the attached file (or click on a link embedded inside the email).
And with that, your computer is infected and under the control of malicious hackers who have just planted a Trojan horse on your computer.
As attacks go, it's pretty unsophisticated. But the fact that we see attacks using this formula virtually every day indicates that it's a ruse that works well for the online criminals, and continues to help them make money.
I must admit that sometimes it's pretty depressing working in the computer security industry, when you see people fall for the same trick time and time again.
Here's the latest example, an email with the subject line "DHL delivery report":

The social engineering is simple, but it works. The email tricks you into believing that there is a parcel waiting to be shipped to you, but an incorrect postcode has messed the delivery up.
What does the email suggest you do? Print off the label (helpfully attached), and take it to your post office. But you best hurry! Because the email claims that they will begin to charge you if you dawdle too long.
It's no wonder then that some folks will all too quickly open the attached file (called LABEL-ID-NY19032013-GFK78.zip in this case) and, as a result, infect their Windows computer with the Troj/Bredo-AGB Trojan horse.
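As an added illustration (not code from the original article), here is a mail-filter heuristic for the pattern described above: a message that claims a courier brand in its display name or subject, comes from a domain outside that brand's, and carries a ZIP attachment. The brand-to-domain allowlist, the extension list, the function names and the sample message are assumptions constructed for this example.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains that brand legitimately sends from.
BRAND_DOMAINS = {"dhl": {"dhl.com"}, "fedex": {"fedex.com"}}
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js")  # assumed list

def build_sample():
    """Constructed sample: courier-themed mail with a ZIP holding an .exe name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("LABEL-ID.pdf.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg["From"] = "DHL Express International <report@mail.example.net>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "DHL delivery report"
    msg.set_content("Print the attached label and take it to your post office.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="LABEL-ID.zip")
    return msg.as_bytes()

def score_message(raw):
    """Return the list of reasons a raw RFC 5322 message looks like this lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f"{display} {msg['Subject'] or ''}".lower()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in claimed and not genuine:
            reasons.append(f"claims {brand} but sent from {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        reasons.append(f"zip attachment {name}")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
                for member in z.namelist():
                    if member.lower().endswith(RISKY_EXT):
                        reasons.append(f"executable in zip: {member}")
        except zipfile.BadZipFile:
            reasons.append("unreadable zip")
    return reasons
```

A From header forged to the brand's real domain passes the first check, so this heuristic complements sender authentication (SPF, DKIM, DMARC) rather than replacing it.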
Of course, this isn't really DHL or FedEx's fault. Their company name is being abused by the criminals and their brand image tarnished through association with such attacks.
Maybe you're well-read about malware threats and would never fall for an attack like this. But can you say the same for your aunty, your father-in-law, your friends?
Do your bit to make the internet a safer place by helping raise awareness of security threats with your friends and family. Maybe even suggest they read Naked Security or follow us on Facebook if you think that will help.
Stay safe out there.

It was recommended I contact you with my question - I am a Facebook user and there is presently an impersonator that has established an account (misspelled last name) with my picture attempting to become friends... With all of Facebook's technology, I cannot do anything (at least that I can find online) because evidently I have been blocked by the "new" account. What can I do, or is there a way to actually talk with someone at Facebook? Thanks!
http://www.facebook.com/help/167722253287296/
This is an old malware! I received many of these emails 4-5 months ago...
Get loads of these for FedEx, none as yet for DHL. I simply just delete them. If I had a parcel coming from anyone I would check directly with them.
Receiving these "from" DHL, FedEx, UPS and even the US Post Office, although they're somewhat unlikely to be delivering to Staffordshire in the UK.
Here's a naive question from someone who knows next to nothing about this sort of thing:
Why can't someone design an email application (or, alternatively, a browser...for those who use webmail) that won't let such nasties install themselves on a computer, even though the user might be clueless enough to click on links in the unsolicited messages that carry them?
Of course, another solution is simply to run Sophos AV with on-access scanning (which I do)...but then, I don't click on such malicious links in the first place.
Anyhow, it seems to me that, if developers actually care about security, they ought to be addressing this at the email client (or browser) application level to provide a kind of first line of defense against such invasions. Probably easier said than done, but I'm still curious why no one seems to be addressing the problem...or am I mistaken?
I received a FedEx email informing me of my shipment in February (AND YES I WAS EXPECTING ONE)... opened it and it cost me £70 to sort the computer out... Have just received one from DHL... I expect you have already guessed that I delete it straight away even though I am expecting another shipment... beware it will cost you money as well as your details...
I actually opened one of them, which was in the spam (but didn't click on the links but looked at the WOT scorecard) :S
I didn't see any attachments for the most part. But would clicking to open the email and nothing else cause me to get a virus?
If I opened the email and clicked on the tracking link what problems can I expect? I use a Mac
In this case, to get infected, you'd need to:
* Click the link.
* Open up the ZIP file (which is malware)
* Be running Windows
* Miss the malware with your anti-virus/other security software
So in your case, you should be OK.
Running a Mac doesn't reduce your risk *by design*, but it does reduce it by what you might call "market forces" - the crooks go after Mac users much less frequently because they're a minority of the market and (sadly/happily depending on whether you are a Windows/Mac user :-) the crooks are making enough money focusing on Windows.
My advice, therefore, on what to do about clicking on the link is, "Don't do that again."