{"id":2729,"date":"2019-04-06T19:34:11","date_gmt":"2019-04-06T19:34:11","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2729"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Post-Express-'Incorrect-Delivery-Address'-Malware-Emails","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2729","title":{"rendered":"Post Express &#8216;Incorrect Delivery Address&#8217; Malware Emails"},"content":{"rendered":"<div>\n<h2>Outline<\/h2>\n<p>Email purporting to be from &#8220;Post Express Support&#8221;, claims that a package sent by the recipient has been returned because of incorrect delivery details. The email instructs the recipient to open an attached file to print out a mailing label. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h2>Brief Analysis<\/h2>\n<p>The email is not from Post Express or any legitimate postal delivery service. The claim that a package has been returned is untrue. The attachment does not contain a mailing label as claimed. In fact, opening the attachment can install a trojan on the user&#8217;s computer.<\/p>\n<h2>Example<\/h2>\n<div class=\"example\">\n<p><b>Subject: Post Express Service. Your package delivered! NR6776<\/b><\/p>\n<p>Dear client<\/p>\n<p>Your package has been returned to the Post Express office.<br \/>\nThe reason of the return is &#8220;Incorrect delivery address of the package&#8221;<\/p>\n<p>Attached to the letter mailing label contains the details of the package delivery.<br \/>\nYou have to print mailing label, and come in the Post Express office in order to receive the packages.<\/p>\n<p>Thank you for your attention.<br \/>\nPost Express Support<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h2>Detailed Analysis<\/h2>\n<p>According to emails purporting to be from &#8220;Post Express Support&#8221;, the recipient&#8217;s package has been returned to the Post Express Office because delivery details were incorrect. The message instructs the recipient to open an attached file, supposedly in order to print out a mailing list that can be taken to the Post Express Office so that the package can be collected.<\/p>\n<p>However, the email is certainly not from &#8220;Post Express&#8221; or any other legitimate package delivery service. And the claim that a package has been returned is nothing more than a ruse designed to trick recipients into opening the attached file. The attachment does not contain a mailing label as claimed in the message. Instead, opening the attached file can install a trojan on the user&#8217;s computer. Once installed, the \u00a0<a class=\"norm\" title=\"Outbreak: Post Express Service malware attack spammed out\" href=\"https:\/\/nakedsecurity.sophos.com\/2011\/02\/01\/outbreak-post-express-service-malware-attack-spammed-out\/\">trojan<\/a> \u00a0can send information to malicious servers and may download other malware.<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> The tactic used in this attack is nothing new. Criminals have used the returned or failed package delivery ruse a number of times in the past as a means of distributing malware. Another version that has been used and reused since at least 2008, claimed that a \u00a0<a href=\"https:\/\/www.hoax-slayer.net\/not-able-to-deliver-ups-package-malware-email\/\">package being delivered by United Parcel Service (UPS)<\/a> \u00a0had not been delivered due to addressing problems. In 2010, another very similar version claimed that the \u00a0<a href=\"https:\/\/www.hoax-slayer.net\/fedex-incorrect-delivery-address-malware-email\/\">returned package had been sent by FedEx<\/a>. In both versions, an attachment to the emails that supposedly contained a mailing label, in fact, carried dangerous malware.<\/p>\n<p>The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern, even if they were not actually expecting a package delivery. This canny social engineering trick is likely to be repeatedly used and reused by criminals intent on distributing malware.<\/p>\n<p>Users should be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company is likely to send notice of a failed delivery via an unsolicited email with an attached mailing label file.<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/post-express-incorrect-delivery-address-malware-emails\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/post-express-incorrect-delivery-address-malware-emails\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline Email purporting to be from &#8220;Post Express Support&#8221;, claims that a package sent by the recipient has been returned because of incorrect delivery details. The email instructs the recipient to open an attached file to print out a mailing label. \u00a0 Brief Analysis The email is not from Post Express or any legitimate postal [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2729"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2729"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2729\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}