Recent broadcasts from security communities and publications are warning of a new malware threat disguised as originating from Royal Mail. The fraudulent email, which appears to originate from the email account ‘firstname.lastname@example.org’, notifies the recipient that they have an undelivered package. The message then asks the recipient to complete a form attached to the email with the details required to process the delivery. However, opening the attachment, identified as ‘royal_mail_shipping.exe’, triggers harmful malware, which then begins to install itself on the victim’s system. Below is a sample of the email distributed:
Mail – Lost / Missing package – UK Customs and Border Protection
Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.
Please fulfil the documents attached.
Reports from security communities have identified the malware as being able to reconfigure system Registry and firewall settings, potentially compromising the victim further. The malicious program is also capable of harvesting data from the compromised system. This poses a major risk to businesses and individuals, whose private data may fall into the wrong hands.
In response to the threat, Royal Mail has issued the following advice for their customers:
Advice from Royal Mail
- Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
- Royal Mail will never ask customers to enter information on a page that isn’t part of the Royal Mail website.
- Royal Mail will never include attachments unless the email was solicited by the customer, e.g. the customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
- Royal Mail have also stressed that they do not receive a person’s email address as part of any home shopping experience.
This is not the first time, and undoubtedly not the last, that opportunistic fraudsters have attempted to profit behind the mask of a courier service. In recent years similar attacks have been identified, disguised as originating from DHL, USPS and FedEx.
To best protect your system from falling victim, Action Fraud recommends that if you receive one of these emails you delete it immediately, report it to Action Fraud or the National Fraud Intelligence Bureau (NFIB), and do not download the attached zip file. Additionally, ensure that all security settings and software on the system are up to date, to help detect and prevent malicious threats.
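For mail administrators, a check of the kind a gateway can apply to this campaign, flagging attachments that are executables either directly or inside a zip archive. This is an added example, not code from Royal Mail or Action Fraud; the function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly (illustrative list, not exhaustive).
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def looks_executable(name, head):
    """Executable extension, or content starting with the PE/DOS 'MZ' magic."""
    return name.lower().endswith(EXECUTABLE_EXTS) or head[:2] == b"MZ"

def risky_attachments(raw):
    """Names of executable attachments, including members of zip attachments."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        if looks_executable(name, data):
            hits.append(name)
        elif data[:4] == b"PK\x03\x04":  # zip local-file header
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for info in zf.infolist():
                        with zf.open(info) as fh:
                            head = fh.read(2)
                        if looks_executable(info.filename, head):
                            hits.append(f"{name}!{info.filename}")
            except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
                hits.append(name)  # encrypted or malformed archive: quarantine
    return hits

def sample_email(filename, data):
    """Constructed test message; the payload bytes are inert placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Mail - Lost / Missing package"
    msg.set_content("Please fulfil the documents attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(sample_email("royal_mail_shipping.exe", b"MZ" + b"\0" * 62)))
```

Checking the leading bytes as well as the file name catches an executable that has been renamed to look like a document.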