It’s wise to be wary when it comes to unsolicited email, even when the email appears to come from a legitimate organisation.
Today we’re warning internet users to be careful not to be tricked into open attachments that have been spammed out, posing as communication from the British Royal Mail.
A typical email reads:
Royal Mail Group Shipment Advisory
The following 1 piece(s) have been sent via Royal Mail on Mon, 20 Aug 2012 15:43:14 +0530, REF# 5646597645
SHIPMENT CONTENTS: Documents
SHIPPER REFERENCE: PLEASE REFER TO ATTACHED FILE
ADDITIONAL MESSAGE FROM SHIPPER: PLEASE REFER TO ATTACHED FILE
Royal Mail Group Ltd 2012. All rights reserved
It should go without saying that the emails are not connected with the real Royal Mail in anyway, despite them appearing to arrive from firstname.lastname@example.org and containing the Royal Mail’s logo.
The cybercriminals who have distributed the attack are hoping that your curiousity will be piqued, and you will be tempted to open the attached ZIP file in the mistaken belief that a parcel is winging its way to you.
Contained within, however, is not a Royal Mail shipping advisory but a file called royal_mail_shipping.exe, detected by Sophos as the Troj/Backdr-HE Trojan horse.
The technique of disguising a malware attack as an email from a delivery company is nothing new, of course. Many internet users will be aware of the attacks we have seen in the past that have pretended to come from the likes of DHL, FedEx and USPS for example.
Chances are that a malware attack that is less likely to be as successful as those which abuse the name of global delivery companies, but there is always the danger that some people will click without thinking and have their computers infected as a result.
British post box image from Shutterstock.