
FedEx email scam

fezza1970, posted 2 years, 4 months ago
Basically it’s a new email scam: they pretend to have tried to deliver a parcel and ask you to download a zip file with the parcel info, which looks like it holds a Word document. When you open it, it will infect your computer.

See the info below



Fake delivery notification gets confused, has nice lie down
Chris Boyd on December 5, 2012

Looks like some scammers had a bit of a mix-up while counting out their cash on a gold plated yacht.




Here’s the contents of the mail. The text in bold is a not-very-subtle clue:

“The UPS Office“:

Order: SD-5468-482485468
Order Date: Monday, 2 December 2012, 11:23 AM
Dear Customer,
Your parcel has arrived at the post office at December 4.Our postrider was unable to deliver the parcel to you.
To receive a parcel, please, go to the nearest our office and show this postal receipt.

Best regards,
The FedEx Team

Whoops.

You’ll be happy to know that some web browsers are onto this slice of trickery. Attempting to download the offered file with Chrome (for example) pops the following warning message:



So that’s good. If you still end up with the file on your PC – maybe your browser doesn’t catch it, or maybe you just really want some Malware for Christmas – the “postal receipt” will appear to be a Word document lurking inside a zip file.

It isn’t a word document:



Opening the “Word document” (which is actually just an executable file in disguise) will infect your PC with a little something we detect as Trojan.Win32.Generic.pak!cobra. Before you know it, your Trojan chum will delete the original file, create hidden files and make network connections…generally not typical behaviour where a postal receipt is concerned (unless you live in the Eighth Circle of Hell).

These infection files have been linked to Ransomware, in this case something called “Wheelsof” and you may well find yourself locked out of your PC if unfortunate enough to fall for this one. A lot of these fake delivery notices are pretty convincing, but hopefully the peculiar mashup of FedEx and UPS is the kind of tip-off that’s up there with Pippin lighting the Warning Beacons of Gondor.

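A defender-side check for the disguise described in the article, as an added example that is not part of the original post or the quoted article: it flags zip members whose content starts with the `MZ` executable header or whose name hides an executable extension behind a document one. The extension lists and the sample archive are assumptions constructed for illustration; the article does not say how this particular file was named.

```python
import io
import zipfile

# Extensions Windows runs on double-click, and ones a "receipt" lure imitates.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".rtf"}

def _ext(name):
    """Lowercased final extension, ignoring trailing dots and spaces."""
    name = name.rstrip(". ")
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def suspicious_entries(zip_bytes):
    """Map each archive member that looks like a disguised executable to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            clean = info.filename.rsplit("/", 1)[-1].rstrip(". ")
            ext = _ext(clean)
            inner = _ext(clean[: len(clean) - len(ext)])  # ".doc" in "x.doc.exe"
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"  # DOS/PE header magic
            reasons = []
            if is_pe:
                reasons.append("MZ header")
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if ext in EXECUTABLE_EXTS and inner in DOCUMENT_EXTS:
                reasons.append("double extension " + inner + ext)
            if is_pe and ext in DOCUMENT_EXTS:
                reasons.append("executable content named " + ext)
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample():
    """Constructed archive: a fake receipt and a file with a real OLE .doc header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Postal-Receipt.doc.exe", b"MZ\x90\x00" + b"\x00" * 60)
        zf.writestr("notes.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56)
    return buf.getvalue()

if __name__ == "__main__":
    for name, why in suspicious_entries(build_sample()).items():
        print(name, "->", "; ".join(why))
```

Because `_ext` strips trailing spaces before comparing, a name padded with spaces between the document and executable extensions is still reported as a double extension.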

All Comments

dbhoy 3 Likes #1
If anyone is silly enough to open a shipping confirmation from a zip file then tough.
cdm22#2
Yet another scam that has been doing the rounds for years :D As is said on every thread about these things DO NOT OPEN ANY ATTACHED DOCUMENTS TO EMAILS from people you are not expecting them from.
miikeyblue 4 Likes #3
Email scam, yes.

New email scam, no.
muzzzzzzzzzy#4
This has been around for a while, but it's mostly targeted at corporate email accounts so it mostly never makes it to the inbox
DestinyCalls815#5
Dear Customer ?

Why would your parents give you a name like that ?
dawnheadley2#6
Is this the same one from last year where they hack your computer and bank details?
There was a warning about this on Facebook 2 days ago.
thesaint#7
Thanks for sharing.
guilbert53#8
Ransomware can easily lock you out of your computer totally (as happened to my son's PC).

Luckily we had a "spare" Windows user on that computer and I was able to still logon and run security software to get rid of it.

It is a good idea to set up a spare Windows account on every Windows computer, just in case you get locked out of one of them by this ransomware.

Edited By: guilbert53 on Dec 06, 2012 19:05
fezza1970#9
dbhoy
If anyone is silly enough to open a shipping confirmation from a zip file then tough.
At this time of year, people are waiting for parcels to be delivered, maybe worrying that they missed them while at work, and let their defences drop. It's not a bad thing to bring this to the attention of people.
smith85#10
I've just had this one ;-)
FedExOrder: VGH-0988-5214830362
Order Date: Friday, 14 December 2012, 01:21 PM
Dear Customer,
Your parcel has arrived at the post office at December 20.
Our courier was unable to deliver the parcel to you.To receive a parcel, p *+++ lease, go to the nearest our office and show this receipt.   
  DOWNLOAD POSTAL RECEIPT
Best Regards, The FedEx Team.©

Mmm to receive "a" parcel and "p*+++ lease"
FedEx 1995-2012
monicathomas33886#11
Can anyone help with this one? I opened the damned thing because I was actually expecting an OS package. My antivirus prevented it downloading, but now a screen to download Defender 7 dominates my computer and won't let me access anything else. I'm technically illiterate so don't know if this is part of the bug or a genuine requirement of the inbuilt antivirus that came installed when I purchased the computer. HELP!!!!!!
fezza1970#12
monicathomas33886
Can anyone help with this one? I opened the damned thing because I was actually expecting an OS package. My antivirus prevented it downloading, but now a screen to download Defender 7 dominates my computer and won't let me access anything else. I'm technically illiterate so don't know if this is part of the bug or a genuine requirement of the inbuilt antivirus that came installed when I purchased the computer. HELP!!!!!!
Try booting in safe mode (press F8 rapidly when turning on; if it gets to the Windows logo you missed it) and select safe mode. Then go to start / all programs / accessories / tools / system restore and restore to a date it worked well. I usually go back a few weeks depending on what I have installed; if you haven’t installed anything, go back as far as it will let you.
Also try a malware program; Malwarebytes is good.
anony1231#13
The contents of my scam mail:

Order: MNR-8062-1376268269
Order Date: Tuesday, 3 December 2012, 03:44 PM
Dear Customer,

Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.



DOWNLOAD POSTAL RECEIPT


Best Regards, The FedEx Team.
Inactive#14
anony1231
The contents of my scam mail:

Order: MNR-8062-1376268269
Order Date: Tuesday, 3 December 2012, 03:44 PM
Dear Customer,

Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.



DOWNLOAD POSTAL RECEIPT


Best Regards, The FedEx Team.


Surely anybody can see the grammatical mistake/s in this line and question its legitimacy.
h4mza#15
Still yet to get infected :D
underthestairs#16
anony1231
The contents of my scam mail:

Order: MNR-8062-1376268269
Order Date: Tuesday, 3 December 2012, 03:44 PM
Dear Customer,

Your parcel has arrived at the post office at December 18.Our courier was unable to deliver the parcel to you.

To receive a parcel, please, go to the nearest our office and show this receipt.



DOWNLOAD POSTAL RECEIPT


Best Regards, The FedEx Team.

Had the same, could tell straight away it wasn't legit from the mistakes

'go to the nearest our office and show this receipt.' alarm bells !
marco0909#17
For starters, FedEx in the UK do not email customers telling them we couldn't deliver a parcel. We actually attempt a delivery and post a card through the door. That's the only way.
Secondly, the tracking numbers they use are wrong. It's 11 numbers. With an international delivery there is also a 16 digit tracking number. No letters are used.
Thirdly, the logo on these emails is wrong. FedEx is slightly more squashed together. Fed and Ex are not separated.
brilly#18
Scam emails? What are they?
miikeyblue 1 Like #19
brilly
Scam emails? What are they?

They're a myth brilly, nothing to worry about. What's your email address btw? I know a Nigerian prince who's holding $2,000,000,000,000,000 in your name, and he wants to get in touch. Drop me a PM.
brilly 1 Like #20
miikeyblue
brilly
Scam emails? What are they?

They're a myth brilly, nothing to worry about. What's your email address btw? I know a Nigerian prince who's holding $2,000,000,000,000,000 in your name, and he wants to get in touch. Drop me a PM.

Ah, it's np - he's already contacted me.
Sent him my details and the funds seeing as the money was all in diamonds - should be with me shortly.
