Malicious email simultaneously impersonates UPS and FedEx
Posted on 07.12.2012
Malicious notifications supposedly coming from major courier delivery services companies are nothing new, but they still must catch enough users off guard.

This latest one is particular enough to be worth mentioning, as the subject line sports the name of one company and the message is signed with the name of another:

The email body contains the usual "you weren't at home, print this receipt to claim the package" message and urges users to download the attached file - in this case an executable masquerading as a Word file and hiding in a zip file.

The file is, of course, a piece of malware that deletes the original file, creates hidden files and makes network connections.

"These infection files have been linked to ransomware, in this case something called 'Wheelsof' and you may well find yourself locked out of your PC if unfortunate enough to fall for this one," Chris Boyd warns.

I understand that spotting spelling or grammar mistakes in fake messages might not be some users' forte, but I wonder just how many of them would spot a glaring mistake such as this one.


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Dec 1st