Outbreak: Post Express Service malware attack spammed out

Filed Under: Malware, Spam

Be on your guard against the latest "undelivered package" malware attack that cybercriminals are spamming out right now.

Regular readers of Naked Security will be all too familiar with emails claiming to come from the likes of FedEx, UPS and DHL which pretend to be about a parcel that wasn't delivered properly (and all you have to do is click on the attachment to learn more become infected.)

Now we're seeing malicious emails which pretend to come from "Post Express Service". Here's a typical example:

Malicious email

Subject: Post Express Service. Get the parcel NR<random number>

Message body:
Dear client.

Your package has been returned to the Post Express office.
The reason of the return is "Error in the delivery address"

Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages.

Thank you.
Post Express Support

Attached file: Post_Express_Label_<random number>.zip

Other subject lines used in the attack include:

Post Express Service. Number of your parcel <random number>
Post Express Service. Package is available for pickup! NR<random number>
Post Express Service. Delivery refuse! NR<random number>

Hopefully you and the users inside your company won't be so excited about the thought of an unexpected parcel that they open the attached file, as doing so will infect your Windows computer with malware.

Sophos detects the ZIP file as Troj/BredoZp-BT and the enclosed malware as Troj/Spyeye-R.

Remember, there's only one reason why cybercriminals keep using this type of social engineering to fool users into running malware - it works.

, , ,

You might like

234 Responses to Outbreak: Post Express Service malware attack spammed out

  1. nic · 1705 days ago

    Someone I knew got this today, and unfortunately as they were expecting a parcel to be delivered they opened it ... not good! one good reminder is that most mail delivery wouldn't send an email to inform you like that (well they shouldn't anyway) and for us Australians, all emails would be addressed from auspost.com.au anyway. if it was incorrectly addressed, it would be sent back to the original sender to be amended.

    • Debbie · 1645 days ago

      Oh no, ive just opened one of these as I sent a parcel to my daughter for her birthday and she hasnt received it yet so I thought this was regarding that! What do I do now!"

  2. JHEMI · 1705 days ago

    Received one, hope my Norton saved me. My mistake, I downloaded and ran the attachment before searching for Post Express and finding your site. Is the executable the bad guy, or downloading and running the attachment? What would be the symptoms?


    • If you opened the file inside the ZIP then that will have run the Trojan horse on your computer.

      You should run an up-to-date anti-virus program. If you have any difficulties or questions about the process, contact the support team at your anti-virus vendor for assistance. They'll be best placed to help you. Good luck!javascript:void(0);

    • Thu Win · 1705 days ago

      Run a full scan using the Norton Bootable Removal Tool.

  3. MHS · 1705 days ago

    Thank you for this. Had this malware spam delivered to me today, and when I checked via Google found your site with its very timely warning!!

    • Fizzy · 1701 days ago

      Likewise ... I just received this message today. Thought it was a bit strange as they hadn't addressed me by my name. All sounded too suspicious, so I, too, googled "post express service" and found this site ... phew!!!!

      • Fox · 1660 days ago

        Same :) twice they send it already .. sadly not long ago royal mail lost important docs and first i thought it might be them, but than i thought that they send email and how the post office could have my web address..so ignored it..
        Second time, just now actually, I have received it one more time..so decided to check in Google who is this Post Express Service..found your article THANKS !!!!
        Will send it to my friends !! Thanks again :)

  4. Vicky · 1705 days ago

    Thanks for the warning. I received one of those emails in my Hotmail account just now, so I googled the heading to find out more. At first, I was tempted to download the attachment as I am actually waiting for a parcel to be delivered. But then I noticed it was a zip file, and there is more than one email address listed in the To and Bcc fields, and I became suspicious. I also don't recognise the name of the company Post Express Service.

  5. Asking · 1705 days ago

    Unfortunately, this timing on this was perfect as I had just emailed a company in regards to an order that I hadn't yet received and tried to open on my Mac. However, after two unsuccessful attempts I started thinking and then found this site. Since the file wasn't able to download on my Mac is there anything I should be weary of.

  6. Patrick Court · 1705 days ago

    I just received one with subject : Post Express Service. Track number xxxx. However i did not open it because i wasn't expecting a parcel anyway. My advice is DO NOT open any attachments you get in any email, even if you think it is from someone you know and trust, emails can still be hacked before you get them. Always check with the person first if they sent attachment, name of file and size of file. They will know this if they sent file. If, like this spam mail it is from a company claiming to have a parcel, contact the company in person by phone or email before you open file. If you cannot get in touch with the company, goto Google, search for company and put tracking ID in their search, chances are that tracking ID does not exist. Hope this helps.

  7. Alison · 1705 days ago

    Nobody seems to have mentioned the much-less-than-perfect English, which is usually supposed to be a dead giveaway in these sort of cases.

  8. david · 1705 days ago

    thankyou i just was informed of my undelevered packsage
    you saved me

  9. tina · 1705 days ago

    I received the email, but didn't open it. It came from:


    and was titled:

    Post Express Service. Get the parcel NR7488


  10. Whenever I get such emails, I never open, never! I go directly to the site. I had a friend who had her money taken from her account because they said her Paypal account was locked and she logged in on the fake site. They cleaned out her checking account. Luckily, she was covered but still.

  11. jeff7salter · 1705 days ago

    I rec'd one of these yesterday and deleted it.
    Should I do anything else?
    I did NOT run the zip program.

    • if you didn't open the ZIP and, more specifically, its contents then you have nothing to fear. Just delete the emails.

      • jeff7salter · 1705 days ago

        Thanks, Graham.
        Like some others here, I was expecting a package, but two things were red flags:
        (1) the name, Post Express didn't ring true
        (2) the attachment was a zip file.

  12. Spartan · 1705 days ago

    I got a copy of that spam also, I scaned it with Firefox and Norton it said it was a virus and neither one would let me open it. Hackers and spammers are just people who need attention well I hope they get all the attention they deserve in prison. LOL!

  13. Les · 1705 days ago

    too late for me....I opened it because I was expecting a package from overseas. Rather strangely, it started in my in-tray, but shunted across to spam after I'd opened it. Once in Spam, it had a whole passage from Shakespeare embedded in it. At least it's good quality spam!

  14. Karen · 1705 days ago

    Just checked my emails and what did I find - like those above, post express service informing me about a parcel. Luckily I did a google search and found your website - brilliant! Thank you! I had sent a parcel back last friday though and I can see why people are fooled by these idiots. It's a shame they don't put their ingenuity to better use!

  15. Tracey · 1705 days ago

    Your comments have saved me from downloading the attachment as I too was expecting a parcel. THANK YOU. Tracey

  16. Ben · 1705 days ago

    Hi Graham, I just got the post express email and smelt a rat ,checked this site and read your warning,many thanks, very much appreciated. Ben

  17. Dunky · 1705 days ago

    Appreciate your time and effort....keep up the timely warnings...

  18. Alda · 1704 days ago

    Just received today...and thank you for the warning

  19. deadline · 1704 days ago

    Yeah, unknown sender, bad english/grammar, dodgy looking attachment = instant delete

  20. Sam · 1704 days ago

    I've received several such e-mails, but they've all claimed to be from well-known delivery companies such as UPS. I wasn't expecting a package, so I was suspicious and didn't open the attachment.

    I just wonder why the sender of your example used such an obviously suspicious delivery company name???

  21. Reception · 1704 days ago

    anyone know what happens if you open and run it, cause i just did :(

  22. Andyboy · 1704 days ago

    cheers guys, googled this dodgy email and your website came up in the top 3. Deleted from inbox and deleted items file..... hopefully never to be seen again!!

  23. Andrew · 1704 days ago

    I have one too with a strange message shown only in Message Source ?
    William ran off like the wind, followed close by Mr. Seagrave and
    Ready, and at a distance by Mrs. Seagrave and Juno; indeed, there was
    no time to be lost, for the wind was off the shore, and in a short
    time the boat would have been out to sea. William, go back
    immediately. I insist upon it. Your going can do no good, as you do
    not understand the thing so well as I do; and go I will, so there will
    be double risk for nothing. Mr. Seagrave, order him back. He will obey
    you. I insist upon it, sir. Oh, father! said William, if that good old
    man is lost, I shall never forgive myself. Look, father, one - two -
    three sharks, here, close to us. He has no chance. See, he is again in
    deep water. God protect him! In the meantime, Mr. Seagrave, whose wife
    was now by his side, after glancing his eye a moment at the sharks,
    which were within a few feet of the beach, had kept his gaze steadily
    upon Readys movements.

  24. Kery · 1704 days ago

    Just received one of these from Post Express [postmail-pn772@washington.com]
    Thought it looked suspicious, so googled and found this useful site - thank you!
    With a dodgy email address, bad english and zip file - these dimwits might think they are clever, but are clearly not!

  25. selva · 1703 days ago

    Thank you, I received one and google around i got conformation here,

  26. Vee · 1703 days ago

    hi i rec'd one yesterday and I too was expecting a package. I have my emails sent to my blackberry phone. I opened email, but there was an error when clicking the attachment . there is some sort of firewall and encryption etc. with these phones. Should I be concerned and if so what should I do? Thanks for any help you can give.

  27. Customer Services · 1703 days ago

    If you are making an enquiry within Ireland please check http://www.anpost.ie for information on incoming packets and parcels .

  28. Mom · 1703 days ago

    Thank you for the alert! Got one this morning, didn't open it anyway.

  29. Ciara · 1703 days ago

    Just deleted it! Thanks, and my computer was protected and when i tried to open it and wouldnt let me! So get norton security! It works:)

  30. Catherine · 1703 days ago

    Thanks for posting this up! I just checked my email from my cell phone and I saw this fishy email. It was sent to me twice. I knew it wasn't right because I havent sent anything out. Regardless, the email address was postmail-pn783@lubbock.com. The Lubbock.com part didn't sound right.

  31. Craig · 1702 days ago

    Unfortunetly I opened and downloaded the file as was expecting a parcel. The word file downloaded to my desktop and when i clicked it it disappeared. Should I be worried? My avast didn't detect virus..

  32. jazlm · 1702 days ago

    I just opened my email to check on the progress of a new cell phone's delivery status and i recieved this bogus email. I was a little suspicious of the "Post Express" so iI looked it up and your site popped up with the advisory. Thanks to you guys I was able to save myself possibly hours of work over the weekend repairing and cleaning my systems.

  33. Robert · 1702 days ago

    Thanks so much for this. I got this e-mail myself today and I am indeed expecting a parcel which is considerably late. However, I was suspicious of the e-mail and didn't open the file. Instead I googled Post Express and found your column here. Thanks for the alert, you may have saved me alot of trouble!


  34. Tracey · 1702 days ago

    I got one of these today, exactly the same as your example and as I was expecting a parcel I tried to open the attatchment. Fortunately my security wouldnt allow it. Thanks for your information, I will be looking at your site regularly for updates on similar scams.

    Tracey B

  35. andrew · 1701 days ago

    Cheers, got 2 of these, checked here first though! Thanks again

  36. AndrewG · 1701 days ago

    Thank you for this. I googled to find out what the Post Express office is and found your site. I had sent off a package by Recorded Delivery and thought the email was connected to this although I wondered where they got my email address.. Norton barred it for me.

  37. Gerald · 1701 days ago

    This e-mail went to my spam folder, glad I did a search on it and found your website.

  38. markieb · 1701 days ago

    I also got this email today and knew better not to open it. But, I did run Malwarebytes, Nortons and zonealarm extreme on the zip file and none of them showed it as containing a virus, I made sure all have the most recent updates but still none showed a virus. This makes me a little unsettled unless these programs catch the virus when they try to be opened, but I'm not going to try and find out!

  39. Ulyana · 1701 days ago

    Thank you! Very in time! Just got one... Googled, found only your site! Thank you for warning!

  40. Mildred · 1701 days ago

    Hi, I am Mildred from Holland - I got one today and found your site on Google - have warned all my acquaintances.

  41. MuchaKoda · 1701 days ago

    Actually been getting these emails for a while - every time they are the same text with just a different package number or whatnot. I know better and never have opened the attachment, since it's a .zip file it could open up to just about anything.. and the 2nd cc email address is weird so I know it's spam. The 2nd email is a combination of my name with one of my old employer's names, which I think they somehow got from an old Yahoo email account I had in 2007 since that's what we used for email when I worked for that company. I'm guessing that email address was spammed a lot, although I never opened any of the spam or email attachments in my junk folder. It's just annoying that there are people out there who sit at a computer all day, just to do this to other people. And they're likely getting paid quite well.

  42. Helen · 1700 days ago

    Thank you very much for your site information. I recieved that exact e-mail and did not open it as I was leary of the name Postal Express Service which I never heard of and also the attachment. I do have a package coming but I just thought that if it was a lost package, they would leave me something about it at my door, not by e-mail attachments. I thought I would look up the name Postal Express and I came across this site! Now I know for sure and I deleted the message. Thanks again.

  43. Master Razor King · 1700 days ago

    Please disregard any spam E-mails stating that a parcel has been undelivered and to contact etc; Post Express This indeed is to be DISREGARDED as FALSE!!!!

  44. TJR · 1700 days ago

    expecting a package that did not come on schedule, I thought this was ligit until AFTER CLICKING ON IT, I realized (in horror) that it was an EXE file I had just clicked on, as the "click on" disappeared to begin activating. It put a strange word document up with only a password and login name (FaceBook "ladylady"), but the word file tries to do something besides just displaying when I click on it. Both the original EXE and the Word file seem to need to download another program to finish whatever they want to do, and I didn't allow either to download anything else.

    Does anybody know how to check to see if my computer is now infected by this?
    And, how to disable it?

    I see nothing on task manager that I don't expect to see. ini files show no sign of having been updated since the download.

  45. dale · 1700 days ago

    i have got this email also, is there anywhere that people can report the email??

  46. Sillyme · 1699 days ago

    Have read all the comments here I and am feeling pretty stupid!
    I received this email several times to my business account, was expecting an important package so tried to open it with WINZIP but the format was not recognised by my archaic PC nor could my blackberry recognise the format so did not download anything. I emailed the address given but it bounced back so then I googled and saw how much of a muppet I have been!!!
    Note to self: bookmark this site for future reference!

  47. Tracy · 1699 days ago

    Thank you so much for this post. I received the email this morning and as it's nearly my birthday, didn't think think too much about it. I started to download the attachment, ( Which my Norton told me was virus free! ) when it dawned on me that my email address wouldn't be on any post, so cancelled it. I did a google search and found your site,

  48. Teri · 1699 days ago

    Hi there. i received one. Unknowingly i opened it and downloaded the attachment. I can tell you that right now my PCis dead.

  49. RiChard · 1699 days ago

    I was expecting a package, so sometimes theese spams turn up at the wrong time, my avast would not let me poen it anyways, so hopefully im ok, w2hich i had checked at this site first

  50. Rodi · 1699 days ago

    Unfortunatelly, I received one today. I opened it. I opened the attachement also. What should I do? Thank you

    • Sorry to hear about that. If you opened the file inside the ZIP then you may have infected your computer.

      If your anti-virus software isn't cleaning it up, you should contact your vendor's tech support team - that's what you pay 'em for after all!

      Good luck

    • Rodi · 1698 days ago

      Thanks Graham!

  51. David · 1699 days ago

    Thank you for this! I received this twice today and saw that it was an .exe file and knew immediately NOT to start the executable file! lol Anyways, thanks for the warning....seems some people have WAY too much time on their hands! lol

  52. cpp · 1699 days ago

    Just got this email today. I am waiting for a package but thought it was strange that there was no address or contact info. Did not open and searched for company name. Luckily I found this site.
    Gotta be en guarde!

  53. BILL · 1699 days ago

    Just received one. Mailed yesterday, a Sunday, which was suspicious in itself. Having never heard of Post Express I looked it up and glad I did.

  54. Billy · 1699 days ago

    Hi Graham,
    I've just received and attempted to download the doc' but my Norton anti virus deteced a virus and didn't open it. Although it never downloaded the file, will my machine be infected?
    Good info on your site, however, wish I had checked your site before I attempted to download the file!

  55. Andrew · 1699 days ago

    Thank you for the warning. Found the site after Googling the name "Post Express Service". I assumed it wasn't genuine when I first saw it though since I've never heard of them. The message seemed to be too long for the page until I highlighted the hidden Shakespearean text.

  56. tara · 1699 days ago

    A parcel I sent never reached destination so when i received email saying the address was incorrect I assumed that this must have been the reason and assumed it had been returned. sadly i did open the email - my computer detected the virus and have deleted it. Unfortunately sometimes the nastly emails are just timely. If our postal service was reliable then perhaps this would have been less plausible email!!

  57. wade · 1699 days ago

    I was expecting a "difficult delivery" and it was late at night.
    I usually don't get suckered.


    Symptoms: normal start up until a "windows essentialswindow" popped up.

    I deleted the zip file and files in safe mode and the I had to run a system restore.
    And i think it's gone, but I fear it might kreep up again...

    Isn't this illegal---it should be. hours wasted and a lot of stress.

    Write you dumbass congressman for more stress lololololol

  58. anil · 1699 days ago

    thanxxx for making hacker`s life miserable by posting early warnings.

  59. Bethyboo · 1699 days ago

    THANK YOU!!!!! Thankfully the first thing I thought of was to see what this Post Express was. I am glad that people think enough of other people to make things like this so that others don't get screwed over by terrible people.

  60. Aluvian · 1699 days ago

    Australia Post have been receiving a lot of email from people like me who received this email.

    From what i can gather, it has been reported to the Governement Scam Authorities in Australia and they are investigating.

    The return email addresses in these emails are all different, ranging from @corpuschristie.com and @mississippi.com, all bogus.

    Australia Post and other postal services must be getting bombarded with emails from people affected by this email.

    Thanks for the heads up :)

  61. H. Sap. Sap. · 1699 days ago

    All such phishing attacks that I've ever heard of use bad grammar, as does this one, so anybody who made it through High School should be ashamed of themselves for having even considered taking this seriously.

    Obviously my own grammar isn't perfect, but Christ Almighty:

    Dear client.

    (Client not capitalized, period instead of colon or comma)

    Your package has been returned to the Post Express office.
    The reason of the return is "Error in the delivery address"

    (reason "of" instead of reason "for", no period at the end of the sentence)

    Attached to the letter mailing label contains the details of the package delivery.

    (I don't even know where to start on this sentence, except to say that it was clearly written by somebody who is either brain damaged or not a native speaker of English.)

    You have to print mailing label, and come in the Post Express office in order to receive the packages.

    (Ugh, you have to print 'um mailin labl an cum inna offis to get-um pakags)

    It's so stupid, even a Cave Man could see through it.


  62. Judy Ishikawa · 1699 days ago

    Got couple of them but never opened them Thank God! I'm glad somebody posted on google, now I'm posting it on my facebook and twitter to let everybody know about it. I think that's the best way for all of us to fight against this kind of spam.
    Thank you for the warning!

  63. ben · 1698 days ago

    Mine has this text hidden on the email ??? weird eh ?

    Of course I let out all those that had been with me twelve months: they dont turn to fairies in the cage, you know.Now I have only those I caught this year, or last autumn; the prettiest dont appear till the autumn. How can people live in towns? How can people say they are ever dull in the country? Look, she continued, gravely and earnestly, look at that tall pine-tree, with its long branch sweeping over the water; see how, as the breeze catches it, it changes its shadow, and how the shadow changes the play of the sunlight on the brook:-- Kenelm was startled. This an innocent! --this a girl who had no mind to be formed! In that presence he could not be cynical; could not speak of Nature as a mechanism, a lying humbug, as he had done to the man poet. He replied gravely,-- The Creator has gifted the whole universe with language, but few are the hearts that can interpret it.

    • It's not unusual for spam to include random text scooped up off the web. They spammers use it to try to make each email different, hoping it will be less likely to be stopped by email filters.

      Although that approach may work against rudimentary email gateway protection, more sophisticated solutions aren't particularly phased by it.

  64. jd1972 · 1698 days ago

    just got one of these and thought it looked a bit suspect. like someone said, the pidgin english gives it away a bit !!

    thanks v much

  65. Pauline · 1698 days ago

    I was expecting a parcel so opened the attachment. Thankfully my security suite stopped it and prevented a trojan from infecting my PC.

  66. Emily · 1698 days ago

    I just received this on my yahoo account. Luckily I only check emails from my phone which does not open attachments otherwise I would have been dumb and downloaded. But luckily google helped me figure out this was bogus and bad news before I opened it from my computer!

  67. Sandy · 1698 days ago

    Thank you for posting this! I received this email today and was trying to open it and my computer wouldn't let me. I have 3 packages that have been "missing" and I thought this had something to do with it. I did become suspicious when I saw what looked like a passage from a book under the email and did a google search and found this site.
    I will be more careful in the future and not open ANY attachments associated with an email.

  68. Andrew · 1698 days ago

    I received one today and opened it. Nothing is wrong with my computer as of yet however I did not run the file.

  69. marlon · 1698 days ago

    You know what the weird thing is. Copy this mail (I got it too), paste it in word or something, make it black and u will see a text below:

    That knight I know: two knights of mine, Two comrades, sealed by faiths bright sign, Whose eyes as ours that live should shine, And drink the golden sunlights wine With joys thanksgiving that they live, He hath slain in even the same blind wise: Were all wide wealth beneath the skies Mine, might I meet him, eyes on eyes, All would I laugh to give.His host made answer, and his gaze Grew bright with trust as dawns moist maze With fire: Within these twenty days, King Pellam, lord of Lystenayse, Holds feast through all this country cried, And there before the knightly king May no knight come except he bring For witness of his wayfaring His paramour or bride. And there that day, so soon to shine, This knight, your felon foe and mine, Shall show, full-flushed with bloodred wine, The fierce false face whereon we pine To wreak the wrong he hath wrought us, bare As shame should see and brand it. Then, Said Balen, shall he give again His blood to heal your son, and men Shall see death blind him there.

    A part of an old poem.

  70. Joyce · 1697 days ago

    Have been getting Post express notice everyday.Checked on Google and deleted all without opening.Thanks for the warning

  71. Carter Harrison · 1697 days ago

    SO WHAT CAN I DO TO REPAIR THIS BLUNDER? I'm expecting packages so opened the Post Express and tried to download their fake label. Any way I can clean then out of my system? I'd be very grateful for advice.

    • Presumably you're running an anti-virus product? If you have any trouble cleaning up the infection with your anti-virus, contact your vendor's tech support team so they can hand hold you through the process.

  72. Anna-Marie · 1697 days ago

    Received one this morning - didn't open it but would like to report it, but to who??? Help!

  73. herbert · 1697 days ago

    i received it today at my birthday but i didnt open the files....
    where they got my email address from?

  74. becki · 1697 days ago

    i got one today, i googled it and found this link before opening the attached file thank you, i am expecting other parcles but was sursipious as no details were on the email ie. contact numbers to phone them to re arrange delivery so didnt open atttachment thankfully thought i should google first thank you.

  75. jhean · 1697 days ago

    I just recieved one, but gladly i tried to open it from my school computer, these computer has virus and fire wall proctection it would even open it. Then i searched on google and found this website. thank you, because if i havd open this on my computer at home i would be done for..

  76. hans · 1697 days ago

    Ik heb het ook ontvangen. De attachement heb ik "gelukkig" niet geopend; eerste even gegoogled en deze sit gevonden. Daarna heel de mail weggedaan.

  77. ceci · 1697 days ago

    I too received one of these emails, but noticed the size of it and that it was a zip exe. file, so did not open it. But, I got to the point where it was the exe. icon. I am a bit computer illiterate. I did not open the exe. file, so it did not download, did it? Thanks for any information.

  78. Hana · 1697 days ago

    I have recieved one today. Unfortunately I was expecting package so I have opend it before I have read this :(
    Hopefully my Norton will save me ...

  79. Lil · 1697 days ago

    Got one today in my spam file. Found this site and deleted it. Thanks

  80. Google is Evil · 1696 days ago

    Just got one of those. Good warning, thanks.
    You should however mention, that it is perfectly safe (is it??) to open the Mail, and to open the attachment, You just shouldn't run the exe inside. (right??)

    Also: I just can't understand all those commenters who unashamedly talk about still using Google to find information about malicious software. Certainly in the long run Google itself is more malicious than some obscure decades old virus or trojan.

    It's called "social hacking", look it up. It means you dont have to maliciously infiltrate someones computer and rip out all their email contacts or all their bookmarks, when they will freely give all their contacts to you by always using facebook, or all their websurfing behaviour by always using Google.

    • You're right - it's the contents of the ZIP (the EXE file) which is malicious. So reading the email is ok, and even opening the ZIP file isn't going to infect your computer by itself (but not really recommended).

      I think most of the people who have mentioned Google are saying that they were suspicious of the email, Googled its subject line/message body, and thus arrived on the Naked Security site where they realised the attached file was malicious.

  81. eviper · 1696 days ago

    I use my Android Smartphone to check emails sometimes. I mistakingly downloaded the attachment (.exe) on my phone before looking this up, but thankfully it wouldn't open due to the Android's inability to open and run .exe files. So is my phone's operating system safe/would just downloading the attachment cause any harm?

  82. G Dew · 1696 days ago

    Thanks for the support. I had mail today from Post Express, then noticed the source was some kind person in Honolulu.... hmmm.... and then the grammar in the note.... hmm. Into the bin !...Keep up the good work Graham and Sophos.

  83. Rosie · 1696 days ago

    My friend opened hers and now her computer is infected with spyeyeSmep and 20CLEL Trojans. Im trying to remove them but am having no luck..

    we live in Australia

  84. donna · 1696 days ago

    Dear Customer.

    This is a post notification NR 46377315

    Your package has been returned to the Post Express office.
    The reason of the return is "Error in the delivery address"

    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the Post Express office in order to receive the packages.

    Thank you for using our services.
    Post Express Service.

    this is a copy of the email recived today......... if u get 1 do not open it....... thanks for ur warnings

  85. Felix · 1696 days ago

    I got this 10 minutes ago, and I'm also in Australia.

    This is a post notification

    Email notification ID 11601005

    Your package has been returned to the Post Express office.

    The reason of the return is "Incorrect delivery address of the package"

    Important message!
    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the Post Express office in order to receive the packages.

    Thank you.
    Post Express Service.

  86. Kassandra · 1696 days ago

    I got two sent to me, and both were put in my spam folder automatically. Luckily I was suspicious, and when I googled Post Express, I found your warning. Thanks much!

  87. Daff · 1695 days ago

    Ok - so I received it, and was expecting a parcel - which was late - so guess what - I opened it! My AVG keeps coming up with a warning, so I run a scan, and delete the isolated files but it keeps coming back again. Any ideas?

  88. ellie · 1695 days ago

    thank you, just had the email while expecting a package too! keep up the good work! x

  89. david dempsey · 1695 days ago

    mine was the same the mailing town was stocton ...not expecting anything and checked it out ..deleted

    david uk

  90. kaytee · 1695 days ago

    Many thanks for this thread, its now mentioned on Moneysavingexpert(dot)com. I have received the email and another MSE'r has received it twice!
    Many many thanks again

  91. RRB · 1695 days ago

    Thank you. I received a Post Express Service message this morning but my anti-virus did not want to open it. It came frompostmail_isn 7961@newyork.com.. Thanks to you I now Know what it was.

  92. lucky · 1695 days ago

    glad i googled post express, was gonna open it then thought better to check.

    i am incidently waiting for a parcel delivering

  93. Elaine Hilton · 1695 days ago

    . My husband thought is was for real, so I opened it, and tried to download the express label, it didn't open but not sure if I'm safe.

  94. berg · 1695 days ago

    How do you get rid of it? I can't even start in safe mode.

  95. seattesue · 1695 days ago

    It got me on my home laptop, what do I do now....

    • Jefro · 1694 days ago

      hi there seattesue,

      I left a post on BARRYS comment

  96. Laura · 1694 days ago

    thank you very much!!!I´ve just received a mail from the "Post Express Service". Thanks god I was suspicious and googled it, then I found your brilliant article!!!thanks a lot, you saved the life of my computer

  97. Kevin · 1694 days ago

    From the number of these I get in my SpamBox, I must have tons of friends that don't know how to address properly... :)

  98. Jefro · 1694 days ago

    hi had this today search and destroy killed it

    Dear client

    Email notification ID 59185175

    Your package has been returned to the Post Express office.

    The reason of the return is "Incorrect delivery address of the package"

    Important message!
    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the Post Express office in order to receive the packages.

    Thank you.
    Post Express Support

  99. Jefro · 1694 days ago

    hi Barry

    it hijacks the windows start up, what they will have to do is start up the pc then they will get the trojan asking to carry out a pc check after it does this it will suggest you subscribe to remove what the trojan has put on the pc
    DON'T do it

    if they press ctrl alt del this will bring up task manager there they can end the task of the trojan

    then click on file, new task, then run an anti virus program,

    hope it helps

  100. ashley · 1694 days ago

    Yeah got this in my email today, like a lot of people here I was expecting a parcel so I dowloaded the attatchment, luckily Avast stopped me when I tried to run the program.

  101. Fred Pearson · 1693 days ago

    Thank You for having a place like this to come to. My email contains one of these right now. When there isn't ANY form of location, i.e. no address or phone number, I always "Google it". You came up. Thank You for keeping the public informed. Is there any possible way to make PERSONAL face to face contact with the sender of this malware/virus? I believe, if given a chance, I can correct the senders feelings on doing this type of behavior, any minor dismemberment could possibly change his mind. LOLOLOLOLOLOLOLOL

  102. Jackie · 1693 days ago

    Hi I received one today 12.02.2011 and was going to download, but did'nt. I searched Post Express and found your site with all the info, a very timely warning.
    Many Thanks. Jackie X

  103. Menk · 1693 days ago

    I started receiveing the same message since yesterday (2/12/11), total of three as of now. Never opened as it was suspicious in the beginning. I did not expect any packages and there was no any info about message sender like address, phone number, etc. Then I googled "Post Express Service" and found this helpful site. Thanks for info.

  104. Shirley · 1693 days ago

    just received one today and moved house in the last month, but wasn't expecting anything and never heard of post express so did a quick google search. Lucky did open attachment! Thanks guys.

  105. Celine · 1692 days ago

    Thank you for the warning! Just received a similar e-mail, saying that my parcel HAD arrived (instead of "undelivered package"). I am indeed expecting two parcels from Australia but have never before received notification through e-mail, so was on my guard.

  106. anne chieruzzi · 1692 days ago

    I am even more stupid than they are! I blame my age. I was suspicious so I deleted the email. You wont believe this but I then went into 'sent' messages and opened it again because I am inexperienced with these things . I emailed them back! as I had been waiting for a late parcel! But I did not open the attachment. I then deleted everything. am I in trouble p- if so what can I do next. I've changed my passwords.
    please help as I am now terrified.

    • If you didn't open the attached file (and more specifically, if you didn't open the file *inside* the ZIP attachment) then you have nothing to worry about.

      • anne chieruzzi · 1692 days ago

        You're the best thing since sliced bread! Thank you so much, I've been worried witless all week-end! I came across your web-site by accident this morning so someone up there is looking after me! Thanks again.

  107. Sagtts · 1689 days ago

    My mom got this email and opened the attachment. AVG appeared to catch the virus. It told her to restart the computer, but when she did, it wouldn't boot back up again. It appears to be completely dead--it won't even go to the Windows startup screen. Any idea as to why this would happen? This virus isn't supposed to wipe hard drives or destroy boot files, is it?

    • Hmm. No, normally the malware would not cause that to happen.

      If you're a user of AVG I would recommend you contact their technical support department for assistance.

  108. Mandy · 1688 days ago

    HI i just received mine to didn't open it only because i noticed at the top of the email a list of very similar emails to my own.
    When will they ever stop this,,, i feel sorry for the once that actually fall for this stuff!!

  109. S. D. · 1688 days ago

    Just received this email. Didn't have my name on it and the name of the service wasn't a mail carrier I ever heard of so Immediately googled it and looky what I found. It's really a no-brainer. Thanks for posting though.

  110. Savita Luzak · 1688 days ago

    Thanks for the warning. I got one today and it seemed strange so I googled "post express" and this warning came up. I did not open the attachment, I hope I'll be o.k.

  111. Tanja V · 1688 days ago

    Thanks for warning :)

  112. AIOKI · 1688 days ago

    hi, just got the same mail..but i never sent any package and was immediately suspicious. so i typed in the name of the postal service and your blog came up first..you are doing a great job! keep it up! i immediately deleted the file..did not open it. THANK GOD!

  113. Chris · 1687 days ago

    Thanks for the timely warning. I got two of these 2 days ago, but as hotmail indicated the attached file contained a virus I googled Post Express before opening and found this site. The message did not feel right anyway and was addressed to multiple variants of my address. It was tempting as I am expecting a delivery.

  114. Ali · 1687 days ago

    Thank you. We received an email from postmail@sanbernardino.com and didnt trust it.

  115. Shirley · 1674 days ago

    Blast, I had one of these today - I regularly send parcels to the US from the UK, and clicked on the attachment. Now running my virus guard :( thank you!

    It said this:
    Post Express Service
    Post Express Service. Error in the delivery address! NR4565
    02/04/2011 04:35 PM

    Post_Express_Label_SV65787.zip 17.7 KB

  116. James · 1672 days ago

    Damn, damn, damn - was expecting a parcel so opened it! Checked .rar and .exe with McAfee which told me no issues?!?!?!

    Am currently running another full scan of my PC but would appreciate any advice

  117. lynell · 1671 days ago

    I just got this today! On my blackberry, I thought it odd, but tried to open it anyways, I know, stupid! But anyways it wouldn't let me, and then I found you and I deleted it. I guess its fine. I feel completely dumb for downloading and trying to open, but I am expecting a package too! My tracking number was the same as one above, the NR one, but anyways thanks, at least now I can find you.

    • The malware wouldn't be able to cause any harm on your Blackberry. It's Windows-specific.

      Oh, and welcome to Naked Security. I hope you'll stick around. :)

  118. John · 1671 days ago

    I just received one of those e-mails from Post Express Office about a package. I did not open it but looked to see if there was an such company and could not find it. That is when I found your message aboutit. I also keep getting massages saying there from the FBI, Bank of America wich is my bank, from pay-pal. I also keep getting e-mail saying I have wone some lot when I don't play lots and besides they would not send you an e-mail when you have not given them your e-mail address any way. I alos get the one saying they are an attorneny and that they wwant to send you some money from some one who just died. They usally are from Nighira. I not shure I spelled that right.

  119. Nicola · 1671 days ago

    Received this exact e-mail today. I sent a parcel to someone in USA that has not turned up and thought it was that parcel they were talking about, but i never open e-mails until i know who they are from. I googled Post express service and found this link so i am off to delete it.

  120. lisa · 1671 days ago

    just got one.... tried openin as parcel missin from xmas..... wouldnt let me open zip so checked it out...... Thanks for warnin was gonna send it to boyfriend so he could open it.....

    got scammed for uggs at xmas too.... not happy...

  121. PhilM · 1671 days ago

    Stupidly clicked on the .exe file tonight [7th March]. My comp thought about doing something, I had the circle above my mouse pointer [Windows 7], and then nothing. Has it already done it's damage?
    My AVG hasn't picked anything up on 2 full system scans. Should I be worried?
    What does the Malware do to my computer?
    I've changed my passwords as a precaution.
    Any info will be greatly appreciated.

  122. Jimmy · 1671 days ago

    i have just received one of these mails, and i was expecting a parcel to be delivered to a friend. I'm rather worried, as the sender's e-mail address showed the town i was sending a parcel to!! How do they know? No one knew i was sending a parcel to that exact place. It wasn't done online either.

    On the other hand, a lucky escape thanks to googling this site!


  123. Macunaima · 1671 days ago

    Thank you. I received one of these e-mails and I was really waiting for a package so I tried to open. Thanks to Norton I could not open it Imagine. Norton Save me. I was not familiar with this type of malware etc.

  124. Don Evans · 1671 days ago

    Just received Post Office Express notification that a package was returned to the Post Office Express. Unfortunately, I opened and downloaded it. What can I expect? Will my Norton anti virus program save me? Is there any way to know if I am infected? What to do?



  125. Post Express Office · 1671 days ago

    DO NOT open this Malware attachment

    Post Express Office [postmail-dep.9876@montgomery.com]

    Good afternoon.

    Email notification No.xxxxxx

    Your package has been returned to the Post Express office.

    The reason of the return is "Incorrect delivery address of the package"

    Important message!
    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the Post Express office in order to receive the packages!

    Thank you for using our services.
    Post Express

  126. mail · 1670 days ago

    I f i got such type of emails that please let me know what should I do.......???

    • If you didn't open the attachment, just delete them.

      If you did open the attachment (and ran the program within) then you should scan your computer with an up-to-date anti-virus as you may have infected your PC.

  127. SirRohman · 1670 days ago

    i seem to have just recived one this is the address thanks for the heads up Your Post Express (postmail-dep.6091@jacksonville.com

  128. Diane · 1670 days ago

    Just received this email today. I decided not to open it because it didn't give the address of the express mail. I decided to look online for anything about this. Glad I found out, but I also just trash it before looking online. With no tracking record on the package why would I open the file? Plus I am expecting a package and just knew this didn't look right.

  129. Splotsmum · 1670 days ago

    Just checked my mail on my iPhone, couldn't work out who the hell post express are, realised it must have been a scam and deleted. Am expecting parcels but a) have never heard of post express, b) never use my home email address for registering stuff and c) realised the mail was seriously lacking in information, so I checked online and ended up here. Now happy to delete the mail safe in the knowlege that modern technology is still within my grasp (just!!!). Valuable site from what I've seen. Good work :o)

  130. sam Janes · 1670 days ago

    I got this spam e-mail as i was waiting for a parcel from overseas, I stupidly opened it but thank god it was on my company pc & it wouldn't let me open up the zip file I only read your site after googling it, i will be more aware in the future thank you

  131. Clayson · 1670 days ago

    I actually open it on my mobile Sony ericsson xperia. Im waiting on a parcel from overseas though that was regarding it. Does anyone know what I have to do? i deleted it from my downloads.

  132. Jay · 1670 days ago

    I received one today, I was smart enough to google and end up on your article. But is there anyway to report this anywhere so they can catch this crook who is emailing virus. We ought to teach him a lesson instead of just deleting it

  133. Jen · 1669 days ago

    I just got one today, I downloaded it and it just came up with a text file with a whole bunch of weird letters. I downloaded it on my Mac does that mean I'm okay since it's a Windows virus? I hope it doesn't stuff up my computer :(

  134. Vanilene de Aro · 1669 days ago

    I also got the message today, and I think I got one like that before but I've deleted it...thanks for the info...:)

  135. marilynbarker · 1668 days ago

    I received one of the above emails & thankfully have a security safeguard on my computer which told me, when I tried to download the attachment that there was a virus connected to the email download.
    I found this site in the process of looking for Post Express Office details.
    Thank goodness I did.
    I sent a parcel a couple of weeks ago but had no post code for it & so I assumed when I read this email from Post Express Office that it had not been delivered.
    I even went to our sorting office & they didn't spot the scam.

  136. Danielle · 1668 days ago

    luckly for m my virus software saved my laptop and would let me open the file at all and as it was a zipped file i wasnt prepared to open it it was my sister that asked me about it and i realised that it was a spam and that i am really peedoff about it and i google it and i new i was right when i seen the site that made my thought correct thanks.

  137. peter · 1668 days ago

    just got this same msg - googled the email address:


    to see if anyone was talking about it being a scam, but later found this site when I googled:

    Post Express Office. Get the parcel NR5955710

    Thanks for posting about this - I'm adding this comment with the text from my email, so people can find your page and stay away from these scammers : )

    thanks again,


    Good afternoon.

    Email notification No.8826676

    Your package has been returned to the Post Express office.

    The reason of the return is "Error in the delivery address"

    Important message!
    Attached to the letter mailing label contains the details of the package delivery.
    You have to print mailing label, and come in the Post Express office in order to receive the packages!

    Thank you for your attention.
    Post Express Support

  138. Jill · 1668 days ago

    what will happen i opened the attachment by mistake

  139. renee · 1668 days ago

    What about if you open this on a mac? I too was expecting a parcel and got sucked in. as soon as i down loaded it my computer wouldn't open it so i deleted it.

    • The malware in this attack is Windows-specific, so won't infect your Mac (unless you're running Windows on your Mac, of course!)

  140. thanks, i found this malware in my inbox ,i went on google to find out about it before opening the attachment .
    thanks for giving this valuable information ,i immediately deleted mail from my inbox

  141. Jazzmin · 1667 days ago

    Just received this mail and fortunately when I opened it, it cannot be opened because it contained some virus and cannot be cleaned by the virus scanner.

  142. pyrus · 1667 days ago

    i just got this email. luckily i checked up on this first as opposed to just opening it, as i am also expecting a package.

  143. Øyvind · 1667 days ago

    I this virus effective on apple computers or only windows?

    Thank you for helping :)

  144. Karen · 1667 days ago

    well..I'm a fool I've opened it and tryed to run it..but have some hell good virus programs on my laptop that detected it for what it was and wouldn't let it near the main stuff......

    aint I lucky!

  145. Bug · 1667 days ago

    I have a microsoft laptop. I was expecting a package and I tried to open it, but it would not open. I have trend micro, so I ran a full scan on my computer but it found nothing. Should I be worried? So I take my laptop to a professional to check for viruses?

  146. Nigel · 1666 days ago

    Your timely warning has helped put my mind at rest. Couldn't open the file even if I wanted to because the virus checker kept tightly shut !

    Even phoned up Post Office, but they couldn't warn me about malicious spamming.

    Will try to e-mail them myself to help their call team give a correct warning reply.


  147. Trishk · 1665 days ago

    My computer has crashed because I was expecting a package and opened the email, even tho I wondered how they got my email address. Lesson is that one shouldn't open their emails when tired etc. as I was. I don't know what to do as I have no internet connection on that laptop and Macafee doesn't seem to respond to my requests for help. I am on Dell Malware forum, but any other help is welcomed.


  148. Helen Stewart · 1665 days ago

    tks also for this, also expecting a couple of parcels, but decided to google to find out more and found your site......great stuff

  149. Bruiser · 1664 days ago

    Googled my way to your warning, your work to prevent these parasites gaining access is very much appreciated.

  150. p.j. · 1664 days ago

    ok so i was expecting a package and stupidly downloaded this and ran it. My computer went on the fritz so i did a scan and it says that im virus free and got rid of the malware but ever since then my computer has been crashing??? Is it possible that there is still something on my computer? Any advice please.

    • I would recommend contacting your anti-virus vendor's tech support team directly to see if they can help. Maybe they botched up the disinfection?

  151. Peter T · 1664 days ago

    I never heard ofa POST EXPRESS OFFICE. Check with google and yours site was listed first. Good thing I checked and THANKS FOR THE WARNING ABOUT THIS SCAM ! ! !

  152. patrick · 1664 days ago

    hello every i got an e-mail to my computer about a parcel returned because of wrong address but i knew it was a spam so i did not open it

  153. Nutsonmercs · 1664 days ago

    I too have been waiting for parcels to be delivered. Stupidly I opened it, and both browsers I had opened disappeared, Task manager wouldn't open. I restored to last update and things seem to be OK (for now) hopefully first and last time!!!!!

  154. steve · 1663 days ago

    Hi All

    Just received the same e-mail. As I was expecting a package I tried to open the attachment but windows blocked it. Hope all is ok for me and you all.


  155. Sandra · 1662 days ago

    Received one yesterday, very suspcious of the tone, didn't open the attachment. Will now delete it completely. Thanks.

  156. guest · 1661 days ago

    Hi, i [from The Netherlands]got one from Post Express Parcel (postmail-utn.17775@pittsburgh.com) on Monday 14 March 2011; with an attachement. Didn't open the attachement, and blokked >>pittsburgh.com<<.

  157. jan Elias · 1660 days ago

    I received this mail and i click on attach so i think i already infected so what can i do now

  158. Janos · 1660 days ago

    I have received one tonight, thank you guys for your help, well done.

  159. stuart · 1660 days ago

    i recieved this e-mail while expecting a package from amazon. maybe they know somehow that there has been something sent to me. luckily i was suspicious that there weren't any details about the package or the '' wrong address''.

  160. Simon (UK) · 1657 days ago

    Wife opened it Friday in ordinary user account. AAARRGH. Account desktop inaccessible Fake AntiVirus " MS Clean This" displayed. MS task manager inaccessible. Widespread file damage (>100) including antivirus files and restore archives (found by searching for files last updated at time of infection). Multiple copies of malware created around the system with different file names, even in recycle bin. This is going to take me a while to sort out !!

  161. dianas · 1657 days ago

    Just got an email - from them today with the exact content mentioned here
    it is good to know that it is fake just as I thought

  162. Rob · 1657 days ago

    I received one stating my package had been returned. Unfortunately, I opened it and it screwed my computer up by closing all my files down and not allowing me to access my computer. I did manage to get computer going after a few frustrating hours. Does anyone know if they are able to hack into files to get information from your computer? Most of my files appear intact.

  163. Donka · 1655 days ago

    I too have been expecting a package and attempted to open this email. Luckily my spy ware didn't allow me and said it contained a virus. That's when I did a web search. But I was reading everyones comments and found that most people were expecting a package. Very odd.

    • MJJ · 1654 days ago

      Its not ODD AT ALL!

      If you spam out 1million of these, logically most people will see it and go "I wasnt expecting anything, this is obviously bumpkis"- HOWEVER ....some people willy by coincidence ACTUALLY just so happened to have been expecting a package and will open it as others have done so.

      I got one of these in my SPAM folder today, opened the mail to read it but noted the attatchment and well, I wasnt expecting a package so Obvious-Trap-Is-Obvious. I opened the mail to read it, but left the attatchment alone, googled, found this and other pages (this exact kind of stuff goes back as far ast 2007), and then promptly deleted the mail from my SPAM folder as I did not want that virus lingering around in my box.

  164. I opened the email but didn't download the attachment. Am I safe?

  165. liz · 1649 days ago

    Just got one of these e-mails today and was completely stupid. This is the first time I have ever opened anything like this because I am actually expecting a package from a friend! I saw the comments regarding MAC and I am currently running OS X. I just want to quadruple check that I should not expect anything malicious to happen. Is there anything I should do to ensure that nothing is going to happen? Should I be nervous about logging into accounts? Also, my husband tried to open the e-mail on his blackberry before I found this site...

    • Lennart · 1642 days ago

      So, I'm in the same kind of situation. And although my computer seems to be still working fine, I'm still quite nervous. Can't find any information about what to do regarding MAC users.

      • The malware can't run on your Mac, as it's Windows-specific. Mac users can simply delete the email and get on with their lives. Nice, eh?

  166. Jerzy Gawor · 1645 days ago

    8 weeks on and this virus is still going strong. Got one in today's emails that had been sent to my spam box - so suspicions aroused. Thought I'd heard something about a Parcel Notification going round containing malware.
    Googled Post Express Services and yours was the first site which gave me all the information I needed. Zapped the email straight into delete and sent a warning to other friends and family.
    Thanks Guys - very impportant work.

  167. John · 1644 days ago

    I want to know if we can find a way to catch the worthless scum who send these emails; there has to be something that can be done, I'm receiving these damned things daily now, sometimes two or three a day! If I catch them, they wouldn't be sorry for sending them, they'd be sorry that their mothers ever gave birth to them!

  168. Dani · 1643 days ago

    Is anyone getting hundreds of these emails? I'm getting about 3 a day, all from very slightly different email addresses. I'm on a Mac so it's not a problem - just frustrating.

    is there anything I can do to stop them?


  169. stephen · 1643 days ago

    What exactly is the point of it to the sender? Is it illegal? Why cant it be traced and stopped?

  170. JimW · 1643 days ago

    Had one this morning from Post Express. "Please attention" was a bit of a warning! Didn't open it on my Mac. Is it only Windows it infects? I don't have that anyway. Your advice very handy. Thanks.

  171. Jolyn · 1642 days ago

    I received one of these emails today. It was horrid english, which was my first red flag. Next, was that it asked me to open an attachment. Looked up (on outlook reading pane) at the attachment/file name, and saw it was a zip file, second red flag, and DELETE!

    I just printed out a copy of this article and passed it around the office so that no one downloads it. I think that if my spam filter didn't catch it, my virus scanner probably won't either. Hopefully they have patched/updated all virus scanners/malware scanners to catch this file.

  172. Rochelle · 1607 days ago

    Yes, I am a victim. Unfortunately although I am generally alert when it comes down to these type of emails, I downloaded it. Fortunately I guess my anti-virus caught it because my computer was unable to open the document. Should I look for signs of inspection? Nothing has happened yet.

  173. Joanne · 1607 days ago

    Can you tell me what happens? I stupidly opened it then realised it was a fake! I ran my Trend micro internet security immediately and logged off. SHould I look out for anything suspicious????? This has never happened before.....

  174. Rick D. · 1567 days ago

    I received this email today, but mine said the package was over the weight limit for free delivery, I am expecting 2 packages but I know what each weighs and knew it had to be a virus.

  175. Darcy · 1567 days ago

    6/19/2011 Just got this. I too was expecting a package. But thought it was odd that the post service had my email address. Did not open thought I would check on it first. Glad I did. So beware everyone looks like this one is running another course.

  176. christian · 1566 days ago

    Got one about 30 mins ago... the threat is still out there! I almost opened it the I got the bright idea to check on it first! Thank god I did!


  177. christian · 1566 days ago

    Just got one 30 mins ago! Those jack@$$es are doing it again!

  178. Pat the Dog · 1566 days ago

    And finally, most weird of all, there is hidden text -- white on white background -- in the original message that I discovered by accident when highlighting it; it appears below. With a little Googling and Wikipedi-ing, I discovered that it is a snippet from "A Ride Across Palestine," by Anthony Trollope. (Poorly transcribed by the sloppy malware artist, for some odd reason. Why Trollope? Why this strange little short story?)

    Bizarre in the highest.

    >>>There is no possible occasion for it, I said again.If there is anything to pay, Ill ask you for it when the journey is over. That forty shillings you must fork out. Its a law of the Medes and Persians. Because, he added, strangers, I know, are sometimes suspicious about money; and I would not, for worlds, have you think that I would put you to expense. I assured him that I did not think so, and then the subject was dropped. He was, at any rate, up to his time, for when I came down on the following morning I found him in the narrow street, the first on horseback. Joseph, the Frenchman, was strapping on to a rough pony our belongings, and was staring at Mr. Smith. My new friend, unfortunately, could not speak a word of French, and therefore I had to explain to the dragoman how it had come to pass that our party was to be enlarged. But the Bedouins will expect full pay for both, said he, alarmed.

    • Sometimes the bad guys include random chunks of text in their email. They do it to try to fool rudimentary anti-spam filters, hoping that by choosing different random text each time they'll be able to get past the gateway and onto your computer.

  179. DAVE · 1566 days ago

    Monday, 20 June, 2011 12:59:37
    You need to get parcel in the office of Postal Service
    Post Express Service <post.express@lexington.com>
    Add to Contacts

    Postal_Label_#00724.zip (23KB)
    Dear Customer.

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.
    You have to receive your packagen personally..
    Please print out the label attached to this message and pass it in to get your package in the office of the mail service company.

    Thank you for attention,
    Post Express Service.

  180. DAVE · 1566 days ago

    Post Express Service.
    I had one today I sent the zip file to my desk top,for later to check I tried to open it but my laptop would not let me. Later I found this site, I was lucky next time I will think first,its so easy to click and think after?.I have had ones from UPS about 6 times but I have always binned them they just looked wrong not got my name on it no contact name on it .I have sent the email for every one to see hope this helps. ALL THE BEST TO YOU ALL AND WATCH YOUR EMAILS.

  181. DAVE · 1565 days ago

    Just checked my email and in the spam up comes another one I have put it on here for all of you to see,Now I will put it in the bin.IF IT DON'T LOOK RIGHT BIN IT. ALL THE BEST TO YOU ALL AND WATCH YOUR EMAILS

    Tuesday, 21 June, 2011 11:27:29
    Federal Tax transfer rejected
    "Beatriz_Santana@irs.gov" <Beatriz_Santana@irs.gov>
    Add to Contacts

    Your federal Tax transaction (ID: 7287268896225), recently initiated from your checking account was returned by the your financial institution.

    Rejected Tax transaction
    Tax Transaction ID:7287268896225
    Rejection ReasonSee details in the report below
    Tax Transaction Reporttax_report_7287268896225.pdf.exe (self-extracting archive, Adobe PDF)

    Internal Revenue Service, Metro Plex 1, 8401 Corporate Drive, Suite 300, Landover, MD 20785

  182. leah · 1417 days ago

    we just received an email regarding this. they were from malaysia and they told us that the parcel that has been sent to us was held in the Malaysian customs. they even told us to pay $1550 for the penalty.

  183. Mario · 1404 days ago

    They've moved unto claiming it's from the USPS (following is text of email):
    Good afternoon,

    Your parcel has arrived at the post office on November 15.
    We were not able to deliver your package to your address.
    To receive a parcel you must go to the nearest USPS office and show your post label.
    The post label is attached to this letter.

    Thank you for your attention.
    USPS Express Services.

  184. Rufus · 1337 days ago

    I'm not sure but I think I may have recieved the same thing. I'm posting this message because my message was slightly different:

    This is a post notification

    The parcel was sent to your home address. And it will arrive within 5 business days.
    More information and the tracking number are attached in document below.

    Thank you.
    Post Express Support

    I'm expecting a parcel soon. The message had a Zip file attached to it and when I tried to download it I recieved a message from Norton to say that a virus had been blocked.

  185. Jo Owen · 1335 days ago

    Thank you.
    I received one today, sent it straight to trash without opening the attachment, then googled and found your warning. I have received enough of the UPS ones to trash them straight away without opening but this was a new one!

  186. Jo Owen · 1335 days ago

    Just realised that you posted this warning in early February 2011 not 2012. Not such a new one then but still new to me!

  187. SpiceDoc · 1318 days ago

    Well, here's mine. The only thing is the email address is worldwide@Fedex.com - Fedex.com takes me straight through to FedEx. Almost had me foxed.

    Dear Customer,

    The delivery service couldn’t deliver your package.
    The package weight exceeds the allowable free-delivery limit.

    You have to receive your packagen personally.
    Print out the "Invoice Copy" attached and collect the package at our office.

    Please read carefully the attached information before receiving your package.

    Thank you for attention. FedEx Logistics Services

    I had t find the exact wording. Lucky for me I read this site

  188. drkangel · 1242 days ago

    this is the email i just got. it can from Post Express Service <parcel@raleight.com>;
    Delivery information,

    We couldn’t deliver your parcel at your address.

    Status: The size of parcel is exceeded.
    LOCATION OF YOUR ITEM:Virginia Beach
    PARCEL STATUS: sort order
    SERVICE: Express Shipping
    ITEM NUMBER:U022530963 NU

    Label is enclosed to the letter.
    You should print the label and show it in the nearest post office to get a parcel.

    If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $14.16 for each day of keeping over limited time.

    You can find the information about the procedure and conditions of parcels keeping in the nearest office.

    Thank you.
    USPS Global.

  189. Guest · 1181 days ago

    Here's another one hot off the press:

    From: Post Express <postmail@stlouis.com
    To (My email address)
    CC 5 similar addresses


    Dear Customer
    The parcel was sent to your home address and it will arrive within 7 business days.
    For more information and the tracking number please download shipping label
    (Gives link - I didn't)
    Thank You
    United Parcel Service.

    Apart from the fact I'm not expecting a parcel, the email is in fact a picture with just the link as a separate item.

  190. Jack · 1178 days ago

    I opened it. Now I get thes windows that you can't get vrid of. I have Norton but the scan doesn't seem to have sorted it out!! What do I do?

  191. Khristy · 1164 days ago

    Just received one today from:

    Post Express Service (parcel@elpaso.com)
    Sent: Wed 7/25/12 12:58 PM

    I am expecting a package, but not from ElPaso. Thanks for the site.

  192. Lauren · 1132 days ago

    I just got a new one from "UPS Logistics".

  193. JoJo · 1014 days ago

    Hey everyone,
    I unfortunately found this a little too late. However, I clicked on the “GET POSTAL RECEIPT” (not having noticed the signs because I was expecting a delivery myself) on my phone (as well as my ipod touch) and it just displayed a “cannot open page.” I got a second email today and saw different dates and numbers and finally caught onto the bad grammar, so I got suspicious and here I am.
    Is it a good thing or a bad thing that my phone displayed the “cannot open page”? And could it possibly be infected with the virus?
    Also, does anyone know of any symptoms that this virus has? I’m afraid that if I connect my phone to my computer it may pass on. I’m just really concerned now.
    Thanks in advance!

  194. lucy · 1007 days ago

    Claim I needed a receipt to get FedEx.... the account number was unknown to FedEx, the order number was unknown, and I wasn't expecting a package. Then remembered to look at where it came from:


    Not FedEx! Plus FedEx never would ask me to open a file...

  195. Mr. M · 994 days ago

    will this affect an ipad? i was not as lucky to have read this post. when I click the button, I got a 404 error on the browers. What to do.....

  196. Tymiria · 921 days ago

    Thank you for this site. Something wasn't right about the email. UPS Express Services.

  197. ODNT · 921 days ago

    I too was expecting a package, thankfully, McAfee blocked it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley