USPS delivery failure report Email Scam - A Scammer is attached a zip file with a virus in it. Don't open it!

Fake "USPS Global" Email: Malware in an Email Attachment
The "USPS delivery failure report" Scam
With a ZIP file attachment Label-ID56753547.zip

You may have received an email like the one below that looks very authentic, like it came from USPS, or a phone call about the same subject. It is an attempt to get you to enter confidential information (typically a social security number, name, address, bank account information, etc., to allow the scammers to steal your identity and open credit cards in your name.

This email was not sent by USPS; USPS is a victim as well. This is referred to as spoofing (making a fake email that looks legitimate, "phishing" (when by email) or "vishing" (when by telephone). If you receive an email similar to the one below, DO NOT click on the link, and do not enter any information on the forms there. It should be obvious from the subject line alone, which is gibberish: "USPS delivery failure report"

The email has an attachment, Label-ID56753547.zip, which contains malware, usually a virus or Trojan.

Remember, no reputable business would send you an email or a phone call requesting your personal account information. Any such email you receive asking for this information should be considered phony and brought to the attention of the business being 'phished'.

Anytime you need to go to a website for your bank, credit card companies or other personal, financial or confidential information; do not follow a link in an email; just type their address in your browser directly (such as www.USPS.com )

Below are actual phishing emails that started circulating in early 2008. We have removed the the attached zip file.


 

-----Original Message-----
From: USPS client manager Lee Clement [mailto:reports@usps.com]
Sent: Friday, April 26, 2013 9:48 AM
Subject: USPS delivery failure report

 

USPS notification

 

Our company's courier couldn't make the delivery of parcel.

 

REASON: Postal code contains an error.

LOCATION OF YOUR PARCEL: New York

DELIVERY STATUS: sort order

SERVICE: One-day Shipping

NUMBER OF YOUR PARCEL: 31YSFKD53S

FEATURES: No

 

Label is enclosed to the letter.

Print a label and show it at your post office.

 

An additional information:

 

If the parcel isn't received within 30 working days our company will have the right to claim compensation from you for it's keeping in the amount of $8.26 for each day of keeping of it.

 

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

 

Thank you for using our services.

USPS Global.

 


What is Phishing?

Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques. Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information such as account usernames and passwords that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.

Learn More About Phishing

The following documents and websites can help you learn more about phishing and how to protect yourself against phishing attacks.


Methods of Reporting Phishing Email to US-CERT

  • In Outlook Express, you can create a new message and drag and drop the phishing email into the new message. Address the message to phishing-report@us-cert.gov  and send it.
  • In Outlook Express you can also open the email message* and select File > Properties > Details. The email headers will appear. You can copy these as you normally copy text and include it in a new message tophishing-report@us-cert.gov .
  • If you cannot forward the email message, at a minimum, please send the URL of the phishing website.

* If the suspicious mail in question includes a file attachment, it is safer to simply highlight the message and forward it. Some configurations, especially in Windows environments, may allow the execution of arbitrary code upon opening and viewing a malicious email message.


For more information about phishing, see this page.


Recommendations- What to do:

  • Only open email or IM attachments that come from a trusted source and that are expected
  • Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security scan all attachments prior to opening. Click here to see Norton 360 2013 on Amazon.com .
  • Delete the messages without opening any attachments
  • Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
  • Keep your anti-virus software up to date
  • Keep your operating system up to date with current security patches. Click here for an article that describes how to do this.

And please let us know about any suspicious calls or emails you receive.  We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!

 


 

For a comprehensive list of national and international agencies to report scams, see this page.