Fake deliveries in an age of lockdown
<blockquote data-quote="Bot" data-source="post: 877117" data-attributes="member: 52014"><p>It would be hard to find a sphere of human activity untouched by the coronavirus pandemic, and express delivery services are no exception. Transport flows between countries have been disrupted, and there is a <a href="https://www.forbes.com/sites/tedreed/2020/04/18/demand-for-air-cargo-capacity-is-urgent-and-huge---who-will-step-in-to-fill-it/" target="_blank">shortage</a> of cargo planes as people and companies continue to order goods both domestically and from abroad. Demand for some items has even <a href="https://www.nst.com.my/business/2020/03/579210/covid-19-malaysias-top-glove-overwhelmed-international-orders" target="_blank">shot up</a>.</p><p></p><p>The spikes in demand are causing in-transit times to stretch out. As a result, customers are getting used to receiving apologetic messages from couriers linking to updated shipping status. Recently, we have observed a number of fake sites and e-mails supposedly from delivery services exploiting the coronavirus topic. Fraudsters are using both <a href="https://securelist.com/scammers-delivery-service-exclusively-dangerous/66515/" target="_blank">tried-and-true ploys</a> and new schemes.</p><p></p><p><span style="font-size: 18px"><strong>Spam with malicious attachments</strong></span></p><p></p><p></p><p>Spammers may pose as delivery service employees to persuade victims to open malicious e-mail attachments. 
The classic trick is to say that to receive a package that’s come in, the recipient must first read or confirm the information in an attached file.</p><p></p><p>For example, a fake delivery notification e-mail in broken English says that a parcel cannot be delivered because of the pandemic, so the recipient needs to come to the warehouse and pick it up in person.</p><p></p><p>The warehouse address and other details are, of course, said to be in the attachment — which, if opened, installs a Remcos backdoor on the computer. Cybercriminals can then make the PC join a botnet, or they might steal data or install other malware.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101051/covid-delivery-service-spam-screen-1.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101051/covid-delivery-service-spam-screen-1.png" alt="Fake delivery notification" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Fake delivery notification</p><p></p><p></p><p>The authors of another fake delivery e-mail use a similar trick, alleging that the company was unable to deliver the package because of a labeling error. 
The victim is asked to confirm the information in the attachment, which in fact contains another member of the Remcos family.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101056/covid-delivery-service-spam-screen-2.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101056/covid-delivery-service-spam-screen-2.png" alt="These crooks are pretending to be from a certain express delivery company, but the address gives them away" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>These crooks are pretending to be from a certain express delivery company, but the address gives them away</p><p></p><p></p><p>Sometimes spammers insert images of documents in a message to add credibility. In the example below, scammers added a small image to the e-mail text. It appeared to be a receipt, but it was too small to read and did not change size when clicked, prompting the recipient to open the malicious attachment, whose name contains “.jpg.”</p><p></p><p>If the recipient’s e-mail client does not display the file’s real extension, they might mistake such an attachment for the image. 
It’s actually an executable ACE archive containing the spyware program Noon.</p><p></p><p>To rush the victim, the cybercriminals say they need the missing information urgently so as to deliver the parcel before lockdown.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101102/covid-delivery-service-spam-screen-3.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101102/covid-delivery-service-spam-screen-3.png" alt="Fake delivery service e-mail containing an archive with a double extension" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Fake delivery service e-mail containing an archive with a double extension</p><p></p><p></p><p>Another malicious e-mail topic that’s not new but is especially relevant in the current climate is delivery delays. The scenario is highly plausible: The scammers point the victim to an attachment that contains the Bsymem Trojan, which if executed enables the attackers to take control of the device and steal data. 
The bottom of the message includes a statement that it was scanned by a mail security solution and found to contain no malicious files or links, a claim designed to lull the recipient into a false sense of security.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101108/covid-delivery-service-spam-screen-4.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101108/covid-delivery-service-spam-screen-4.png" alt="Fake notification about a delivery delay due to COVID-19" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Fake notification about a delivery delay due to COVID-19</p><p></p><p></p><p>Many spammers simply insert a mention of COVID-19 into their usual mailing templates, but some focus specifically on quarantines and the rapid spread of the pandemic.</p><p></p><p>For example, in one story, the government had banned the import of any kind of goods into the country, so the package was returned to the sender.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101114/covid-delivery-service-spam-screen-5.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101114/covid-delivery-service-spam-screen-5.png" alt="Fraudsters claim that the government has banned the import of goods into the country" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Fraudsters claim that the government has banned the import of goods into the country</p><p></p><p></p><p>The attachment supposedly contains an order tracking number to request a reshipment after virus-related health restrictions subside. 
Opening the file, however, risks installing the Androm backdoor, which gives the attackers remote access to the computer.</p><p></p><p><span style="font-size: 18px"><strong>Phishing</strong></span></p><p></p><p></p><p>Scammers specializing in phishing attacks are also taking advantage of delivery market chaos. We detected highly believable copies of legitimate websites as well as fake tracking pages. All of them, of course, made mention of the coronavirus.</p><p></p><p>For example, phishers targeting accounts of a delivery service’s customers replicated the company’s official homepage in detail, including the latest news about the pandemic.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101124/covid-delivery-service-spam-screen-6-7.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101124/covid-delivery-service-spam-screen-6-7.png" alt="Official website (left) and phishing resource made to look like this website (right)" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Official website (left) and phishing resource made to look like this website (right)</p><p></p><p></p><p>No less detailed is this clone of another delivery service website, which also mentions the latest coronavirus news.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101831/covid-delivery-service-spam-screen-8.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27101831/covid-delivery-service-spam-screen-8.png" alt="Phishing resource made to look like another delivery service website" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Phishing resource made to look like another delivery service website</p><p></p><p></p><p>The authors of this fake portal for tracking packages added COVID-19 to the copyright line. 
There is little other information on the page: a form for entering credentials and a list of “partner” e-mail services. Needless to say, entering credentials on this resource sends them to the scammers, and the fate of the package will remain unknown.</p><p></p><p><a href="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27102318/covid-delivery-service-spam-screen-9.png" target="_blank"><img src="https://media.kasperskydaily.com/wp-content/uploads/sites/92/2020/04/27102318/covid-delivery-service-spam-screen-9.png" alt="Fake package tracking page" class="fr-fic fr-dii fr-draggable " style="" /></a></p><p>Fake package tracking page</p><p></p><p><span style="font-size: 18px"><strong>How not to swallow the bait</strong></span></p><p></p><p></p><p>Against the backdrop of the pandemic and the large number of genuine package delays, fake sites and e-mails have a good chance of success — especially if you really are expecting a package, or if, say, shipment details were sent to your work e-mail and you have reason to think that a colleague might have placed the order. To avoid getting hooked:</p><p></p><ul> <li data-xf-list-type="ul">Look carefully at the sender’s address. If the message came from a free e-mail service or contains a meaningless set of characters in the mailbox name, it’s most likely a fake. Keep in mind, though, that <a href="https://www.kaspersky.com/blog/36c3-fake-emails/32362/" target="_blank">it’s possible to forge the sender address</a>.</li> <li data-xf-list-type="ul">Pay attention to the text. A major company will never send e-mails with crookedly formatted text and bad grammar.</li> <li data-xf-list-type="ul">Do not open attachments in e-mails from delivery services, especially if the sender insists on it. Instead, log in to your personal account on the courier’s website, or manually enter the address of the service in your browser to check the tracking number. 
Do likewise if you received an e-mail urging you to click a link.</li> <li data-xf-list-type="ul">Take special care if a message makes any mention of coronavirus. Cybercriminals exploit hot topics to attract attention, so you should never rush to comply with such messages.</li> <li data-xf-list-type="ul">Install a <a href="https://www.kaspersky.com/advert/security-cloud?redef=1&THRU&reseller=gl_kdailyplacehold_acq_ona_smm__onl_b2c_kasperskydaily_wpplaceholder____ksc___" target="_blank">reliable security solution</a> that detects malicious attachments and blocks phishing websites.</li> </ul><p></p><p><a href="https://www.kaspersky.com/blog/covid-fake-delivery-service-spam-phishing/35125/" target="_blank">Source</a></p></blockquote><p></p>
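The double-extension trick described in the quoted article (an attachment whose name contains ".jpg" but whose content is an ACE archive) can be checked mechanically during mail triage. The following Python code is an added example, not part of the original post or of the article it quotes; the extension lists, file names and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; adapt them to your own mail policy.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt"}
RISKY_EXTS = {"ace", "exe", "scr", "com", "bat", "js", "vbs", "zip", "rar", "7z"}

def sniff(data: bytes) -> str:
    """Identify a few file types from their leading bytes."""
    if data[7:14] == b"**ACE**":  # ACE archives carry this marker at offset 7
        return "ace"
    if data[:2] == b"MZ":  # DOS/Windows executable header
        return "exe"
    if data[:3] == b"\xff\xd8\xff":  # JPEG start-of-image marker
        return "jpeg"
    return "unknown"

def attachment_findings(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) pairs for suspicious attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        exts = [e.lower() for e in name.split(".")[1:]]
        kind = sniff(data)
        # A harmless-looking extension followed by a risky final one.
        decoy = next((e for e in exts[:-1] if e in DECOY_EXTS), None)
        if decoy and exts[-1] in RISKY_EXTS:
            findings.append((name, f"double extension: .{decoy} before .{exts[-1]}"))
        # The name claims an image but the bytes say otherwise.
        if exts and exts[-1] in {"jpg", "jpeg"} and kind != "jpeg":
            findings.append((name, f"named as an image but content is {kind}"))
        if kind in {"ace", "exe"}:
            findings.append((name, f"content is {kind}"))
    return findings

def build_sample() -> bytes:
    """Constructed message; the payloads are inert bytes with only a signature."""
    msg = EmailMessage()
    msg["From"] = "Express Delivery <courier@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Your parcel is delayed"
    msg.set_content("Please confirm the details in the attached receipt.")
    fake_ace = b"\x00" * 7 + b"**ACE**" + b"\x00" * 16
    msg.add_attachment(fake_ace, maintype="application",
                       subtype="octet-stream", filename="receipt.jpg.ace")
    msg.add_attachment(fake_ace, maintype="image", subtype="jpeg",
                       filename="scan.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="logo.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in attachment_findings(build_sample()):
        print(f"{name}: {reason}")
```

The content check matters because a file name alone can be chosen freely by the sender, while the leading bytes show what a program will actually open.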