
FedEx email scam

fezza1970

Basically it’s a new email scam. They pretend to have tried to deliver a parcel and ask you to download a zip file with the parcel info, which looks like it holds a Word document. When you open it, it will infect your computer.

See the info below



Fake delivery notification gets confused, has nice lie down
Chris Boyd on December 5, 2012

Looks like some scammers had a bit of a mix-up while counting out their cash on a gold plated yacht.




Here’s the contents of the mail. The text in bold is a not-very-subtle clue:

“The UPS Office“:

Order: SD-5468-482485468
Order Date: Monday, 2 December 2012, 11:23 AM
Dear Customer,
Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.
To receive a parcel, please, go to the nearest our office and show this postal receipt.

Best regards,
The FedEx Team

Whoops.

You’ll be happy to know that some web browsers are onto this slice of trickery. Attempting to download the offered file with Chrome (for example) pops the following warning message:



So that’s good. If you still end up with the file on your PC – maybe your browser doesn’t catch it, or maybe you just really want some Malware for Christmas – the “postal receipt” will appear to be a Word document lurking inside a zip file.

It isn’t a Word document:



Opening the “Word document” (which is actually just an executable file in disguise) will infect your PC with a little something we detect as Trojan.Win32.Generic.pak!cobra. Before you know it, your Trojan chum will delete the original file, create hidden files and make network connections…generally not typical behaviour where a postal receipt is concerned (unless you live in the Eighth Circle of Hell).

These infection files have been linked to Ransomware, in this case something called “Wheelsof” and you may well find yourself locked out of your PC if unfortunate enough to fall for this one. A lot of these fake delivery notices are pretty convincing, but hopefully the peculiar mashup of FedEx and UPS is the kind of tip-off that’s up there with Pippin lighting the Warning Beacons of Gondor.
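A defensive check for the disguise described above, added here as an example (it is not code from the quoted article or from the forum): it opens a zip attachment in memory and flags members whose content starts with the Windows executable "MZ" header, or whose name dresses an executable up as a document. The article does not say how the file was disguised, so the double-extension and space-padding checks, the extension lists and the sample file names are assumptions.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed list, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# Extensions a "postal receipt" lure might claim to be (assumed list).
DOC_EXTS = {".doc", ".docx", ".pdf", ".rtf"}


def _ext(name):
    """Lowercased final extension, ignoring trailing spaces and dots."""
    base = name.rstrip(" .").rsplit("/", 1)[-1]
    return "." + base.rsplit(".", 1)[1].lower() if "." in base else ""


def inspect_zip(data):
    """Map member name -> reasons it looks like a disguised executable."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                magic = fh.read(2)  # only the header is read, nothing is extracted
            ext = _ext(info.filename)
            stem = info.filename.rstrip(" .")[: -len(ext)] if ext else info.filename
            reasons = []
            if magic == b"MZ" and ext not in EXEC_EXTS:
                reasons.append("PE content behind non-executable extension")
            if ext in EXEC_EXTS and _ext(stem) in DOC_EXTS:
                reasons.append("double extension hides executable")
            if ext in EXEC_EXTS and "  " in info.filename:
                reasons.append("whitespace padding before extension")
            if ext in EXEC_EXTS and not reasons:
                reasons.append("executable inside mail attachment archive")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed archive with harmless stub bytes, not real malware."""
    buf = io.BytesIO()
    stub = b"MZ" + b"\x00" * 62
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Postal-Receipt.doc.exe", "Receipt.doc", "Parcel.pdf      .scr"):
            zf.writestr(name, stub)
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()
```

Calling inspect_zip(build_sample()) reports the three stub members and leaves readme.txt alone.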

All Comments (25)

    dbhoy
    If anyone is silly enough to open a shipping confirmation from a zip file then tough.
    cdm22
    Yet another scam that has been doing the rounds for years :D As is said on every thread about these things DO NOT OPEN ANY ATTACHED DOCUMENTS TO EMAILS from people you are not expecting them from.
    miikeyblue
    Email scam, yes.

    New email scam, no.
    muzzzzzzzzzy
    This has been around for a while, but it's mostly targeted at corporate email accounts so it mostly never makes it to the inbox
    DestinyCalls815
    Dear Customer ?

    Why would your parents give you a name like that ?
    dawnheadley2
    Is this the same one from last year that they hack your computer and bank details?
    There was a warning about this on Facebook 2 days ago.
    thesaint
    Thanks for sharing.
    guilbert53
    Ransomware can easily lock you out of your computer totally (as happened to my son's PC).

    Luckily we had a "spare" Windows user on that computer and I was able to still log on and run security software to get rid of it.

    It is a good idea to set up a spare Windows account on every Windows computer, just in case you get locked out of one of them by this ransomware.

    Edited By: guilbert53 on Dec 06, 2012 19:05
    fezza1970
    dbhoy
    If anyone is silly enough to open a shipping confirmation from a zip file then tough.
    At this time of year, people are waiting for parcels to be delivered, maybe worrying that they missed them while at work, and let their defences drop. It's not a bad thing to bring this to the attention of people.
    smith85
    I've just had this one ;-)
    FedExOrder: VGH-0988-5214830362
    Order Date: Friday, 14 December 2012, 01:21 PM
    Dear Customer,
    Your parcel has arrived at the post office at December 20.
    Our courier was unable to deliver the parcel to you.To receive a parcel, p *+++ lease, go to the nearest our office and show this receipt.   
      DOWNLOAD POSTAL RECEIPT
    Best Regards, The FedEx Team.©

    Mmm to receive "a" parcel and "p*+++ lease"
    FedEx 1995-2012
    monicathomas33886
    Can anyone help with this one? I opened the damned thing because I was actually expecting an OS package. My antivirus prevented it downloading, but now a screen to download Defender 7 dominates my computer and won't let me access anything else. I'm technically illiterate so don't know if this is part of the bug or a genuine requirement of the inbuilt antivirus that came installed when I purchased the computer. HELP!!!!!!
    fezza1970
    monicathomas33886
    Can anyone help with this one? I opened the damned thing because I was actually expecting an OS package. My antivirus prevented it downloading, but now a screen to download Defender 7 dominates my computer and won't let me access anything else. I'm technically illiterate so don't know if this is part of the bug or a genuine requirement of the inbuilt antivirus that came installed when I purchased the computer. HELP!!!!!!

    Try booting in safe mode (press F8 rapidly when turning on; if it gets to the Windows logo you missed it) and select safe mode. Then go to Start / All Programs / Accessories / Tools / System Restore and restore to a date it worked well. I usually go back a few weeks depending on what I have installed; if you haven’t installed anything go back as far as it will let you.
    Also try a malware program; Malwarebytes is good.
    anony1231
    The contents of my scam mail:

    Order: MNR-8062-1376268269
    Order Date: Tuesday, 3 December 2012, 03:44 PM
    Dear Customer,

    Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this receipt.



    DOWNLOAD POSTAL RECEIPT


    Best Regards, The FedEx Team.
    Inactive
    anony1231
    The contents of my scam mail:

    Order: MNR-8062-1376268269
    Order Date: Tuesday, 3 December 2012, 03:44 PM
    Dear Customer,

    Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this receipt.



    DOWNLOAD POSTAL RECEIPT


    Best Regards, The FedEx Team.


    Surely anybody can see the grammatical mistake/s in this line and question its legitimacy.
    h4mza
    Still yet to get infected :D
    underthestairs
    anony1231
    The contents of my scam mail:

    Order: MNR-8062-1376268269
    Order Date: Tuesday, 3 December 2012, 03:44 PM
    Dear Customer,

    Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

    To receive a parcel, please, go to the nearest our office and show this receipt.



    DOWNLOAD POSTAL RECEIPT


    Best Regards, The FedEx Team.


    Had the same, could tell straight away it wasn't legit from the mistakes

    'go to the nearest our office and show this receipt.' alarm bells !
    marco0909
    For starters, FedEx in the UK do not email customers telling them we couldn't deliver a parcel. We actually attempt a delivery and post a card through the door. That's the only way.
    Secondly, the tracking numbers they use are wrong. It's 11 numbers. With an international delivery there is also a 16 digit tracking number. No letters are used.
    Thirdly, the logo on these emails is wrong. FedEx is slightly more squashed together. Fed and Ex are not separated.
    brilly
    Scam emails? What are they?
    miikeyblue
    brilly
    Scam emails? What are they?


    They're a myth brilly, nothing to worry about. What's your email address btw? I know a Nigerian prince who's holding $2,000,000,000,000,000 in your name, and he wants to get in touch. Drop me a PM.
    brilly
    miikeyblue
    brilly
    Scam emails? What are they?


    They're a myth brilly, nothing to worry about. What's your email address btw? I know a Nigerian prince who's holding $2,000,000,000,000,000 in your name, and he wants to get in touch. Drop me a PM.

    Ah, it's np - he's already contacted me.
    Sent him my details and the funds seeing as the money was all in diamonds - should be with me shortly.
