Threat of the month: Malicious notifications

August 7, 2009

What is it?
Malware distributed by email that alleges to be a failed delivery notification from one of the international shipping companies.

How does it work?
An email will be received alleging to be from one of the major shipping companies claiming a package that the recipient attempted to send was not delivered due to an invalid shipping address. It requests that the recipient print out the attached invoice (which is actually malware) and bring it into their nearest branch office.

Should I be worried?
Cybercriminals are constantly testing out new social engineering tactics in an attempt to get users to infect their PCs.

How can I prevent it?
If you use any of the major shipping companies and if there is a question as to whether a package that you sent was successfully delivered, either call the shipper directly or enter your provided tracking number on their website.  Never click links or open attachments in unsolicited emails.

 

prestitial ad