Here at Quick Heal we constantly warn Internet users about the continuous outbreaks of fake USPS email scams. We have observed a continuous increase in the percentage of fake USPS emails over the past few months. Given below are some stats about the percentage of fake USPS emails out of the total fake emails reported.
|Month||Feb 12||March 12||April 12||May 12||Mid of June 12|
|% fake USPS Emails contributing||5%||6.1 %||7.4 %||10.5%||8.8%|
Internet users are getting several bogus emails about package deliveries. These contain attachments which when opened, install malwares like trojans, spyware or rogueware that can steal personal information. Given below is an email that I came across today.
This fraudulent email pretends to be from the U.S. Postal Service (USPS) and misleads a receiver about containing information about an attempted or intercepted package delivery. The fake email instructs the reader that detailed information about the package is present in the attachment. To further create a sense of urgency, the email states that the USPS will charge a fee to the receiver if they fail to pick the parcel within the next few days from the nearest USPS office.
The attachment contains an executable file which has a PDF file icon. This malware belongs to the TrojanDownloader.Dapato family. Upon execution it connects to a remote server to download and install other trojan backdoor files. Some downloaders from this family target specific files on remote websites while others target a specific URL that points to a website that contains an exploit code that may allow the site to automatically download and execute malicious files or code on vulnerable systems.
Quick Heal successfully detects and deletes attached files that are present in such fraudulent emails.