USPS Mail Scams

Did you get an email from “USPS Mail” saying that they couldn’t deliver your package and that you’ll have to retrieve it within 30 days to avoid penalty fees?

Cybercriminals are impersonating USPS again in order to plant malware on unsuspecting users’ machines, and unless the recipient’s computer is protected by one of the 7 antivirus programs that are capable of detecting the malware attached to the email, their efforts will definitely not be in vain.

The USPS spam messages, titled “Postal label contains detailed information”, follow the typical USPS spam pattern: they tell the user that there was a problem delivering a package and instruct them to download an attached file (in this case, Label_Parcel_ID2564US.zip) that supposedly contains the shipping label required to rectify the problem.

Here’s a copy of the USPS spam email:

USPS Postal Label Spam

Notification,

Our company’s courier couldn’t make the delivery of parcel.

Reason Postal code contains an error.
LOCATION OF YOUR PARCEL:KnoxvilleFort
DELIVERY STATUS: sort order
SERVICE: One-day Shipping
NUMBER OF YOUR PARCEL:U746093294 NU
FEATURES: No

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information:

If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $8.26 for each day of keeping of it.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Global.

Should the recipient make the mistake of downloading and opening the attached file, their computer will become infected with an elusive piece of malware that Kaspersky identifies as Trojan-Dropper.Win32.Dapato.bcbf.

One alarming thing about this piece of malware is that, according to the scan report from VirusTotal, only 7/42 antivirus applications are capable of detecting Trojan-Dropper.Win32.Dapato.bcbf. Only computers running antivirus by F-Prot, TrendMicro (or TrendMicro Housecall), ClamAV, Kaspersky, Dr. Web, or Commtouch will be spared from infection.

What to Do with USPS Spam

If you receive the email outlined above or another one like it (USPS spam is quite common) then it’s strongly recommended that you do the following:

  • Avoid downloading or opening any attached files. (Don’t click on any links within the email either.)
  • Delete the email immediately.
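
For anyone filtering mail on behalf of others, the traits described above (a "USPS" display name on a non-USPS sender, the failed-delivery wording, and a zip attachment) can be checked before a message reaches an inbox. The following is an added example, not part of the original post; the sender address, the `usps.com` allow-list, the extension deny-list and the file name inside the archive are assumptions, since the post does not say what the zip contains.

```python
import io
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

LEGIT_DOMAIN = "usps.com"  # assumption: the only sender domain accepted as USPS
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")  # assumed deny-list
LURE_PHRASES = ("couldn't make the delivery", "claim compensation")

def triage(msg):
    """Return the reasons an EmailMessage resembles the USPS label lure."""
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    legit = domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)
    if "usps" in name.lower() and not legit:
        reasons.append(f"display name claims USPS, sender domain is {domain!r}")
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower().replace("\u2019", "'").replace("`", "'")
    if any(phrase in text for phrase in LURE_PHRASES):
        reasons.append("body uses failed-delivery / storage-fee wording")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".zip"):
            reasons.append(f"zip attachment: {fname}")
            try:  # member names stay readable even in password-protected zips
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                    names = zf.namelist()
            except zipfile.BadZipFile:
                names = []
                reasons.append("attachment is not a readable zip")
            reasons.extend(f"executable name inside archive: {m}"
                           for m in names if m.lower().endswith(RISKY_EXT))
    return reasons

def sample_message():
    """Constructed sample: placeholder sender, harmless text bytes in the zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Label_Parcel.exe", b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "USPS Mail <notify@mailer.example>"
    msg["Subject"] = "Postal label contains detailed information"
    msg.set_content("Our company\u2019s courier couldn\u2019t make the delivery of parcel.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Label_Parcel_ID2564US.zip")
    return msg

if __name__ == "__main__":
    print("\n".join(triage(sample_message())))
```

A message that trips several of these checks at once is a candidate for quarantine rather than delivery; any single check on its own will also match legitimate mail.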

Have you received this USPS spam variant? There are a few of them floating around out there. Feel free to share your experience below!

  • http://www.hyphenet.com/blog Hyphenet

    Hi Pat, thanks for sharing. You can go to http://ehome.uspis.gov/fcsexternal/default.aspx and make a claim. Although, it is very hard and costly to track down these scammers. When it comes to the Postal Service I would think they would look at this as a threat to their company and do some investigating.

    Hopefully our system will find a way to help protect us against crimes like this.

  • Pat Mitchell

    I received the ‘courier cann’t ‘ on the 17th and resisted opening the attachment! Is there anyone investigating the source? As well as myself, the two others on the recipient list were Chidrenoftheworldmm and Joan Delaney. Both unknown to me. Thanks for information.

  • Edward

    Unfortunately a household member opened this email and clicked the link. I’m guessing that computer is now infected (Norton missed it). My question is in regards to the other PC computers on my home network.

    The infected computer is new to the house and though it was plugged in to the network, I never connected it to a workgroup (via workgroup password ID). Do I need to reformat all three additional computers in my house because they were connected?

    Any thoughts would be appreciated.

    • http://www.hyphenet.com/blog Hyphenet

      The reason why Norton might have missed it is because you might have agreed to the infection. Did you agree to an update or an install?

      All the other computers should be fine. Since it wasn’t connected to a workgroup, there is no reason to believe they are infected from the same virus. Your computer may not be infected either though. They might have tried to capture information from the computer. What happened after the link was clicked?

  • http://www.hyphenet.com/blog Hyphenet

    Wow it’s a good thing you caught that. When something looks suspicious in an email, always mouse over the title bar to see if there is a different browser address. Or even right-click and view source to see if the code is showing up something way different than the page. If you are not very technical, you can always call USPS, they are well aware of these types of scams. Good luck to you! Keep your email safe, check out this blog for some cool tips http://www.hyphenet.com/blog/long-passwords/

  • Pointerdog

    Thank heavens for your site. I almost opened it, but the spelling mistake in the email made me suspicious so I looked it up ‘Our company’s courier cann’t make the delivery of package’ D’oh! Thank you.

  • http://www.hyphenet.com/blog Hyphenet

    That’s great that you caught that. Skimming through content can cost you. Did you notify UPS?

  • THOMAS HOOK

    I GOT THIS YESTERDAY. IF YOU KNOW ANYBODY WHO GETS ONE, DELETE STRAIGHT AWAY, DON'T OPEN. I HAVE HAD TO CLEAN MY COMPUTER AND REBOOT IT.

    USPS Notification

    Our company`s courier couldn`t make the delivery of parcel.

    REASON: Postal code contains an error
    DELIVERY STATUS: sort order
    SERVICE: Two-day shipping
    NUMBER OF parcel: GJ5IIXIQ0E
    FEATURES: No

    Open the attached file for details.

    An extra information:

    If the parcel isn`t received within 5 working days our company will have the right to claim compensation from you for it`s keeping in the amount of $5.55 for each day of keeping of it.
    Thank you for using our service.
    USPS Global


    • http://www.hyphenet.com/blog Hyphenet

      Thanks for sharing!

  • Almost fooled!

    Yes, received an email saying almost the same thing. Different location, I think the cost per day was different. My email said something about USPS Global notify 1F41KTNWKG. It seemed fishy, so I checked online and found your site. I easily could have been fooled by this though as I recently had a package that could not be delivered and I had to track it down, etc. I followed the advice here and quickly deleted the message and then emptied my trash can. Thank you.

    • http://www.hyphenet.com/blog Hyphenet

      You’re welcome! You never know what’s a scam these days. Unfortunately we have to be cautious of everything. Mail, emails, phone calls…
