This week’s scam is a social engineering campaign that impersonates the United States Postal Service. The security research team at AppRiver first spotted this phishing blast late last week. In the campaign, an email contains fraudulent information about a package delivery. The message states that there is an issue with the package and that, in order to resolve it, the recipient must click on the link provided.
The cyber criminals use URL obfuscation in the message to deceive recipients into thinking the link provided is an official USPS.com file download. On closer inspection, the URL points to an exploited Google Docs link. Not much else is known about the campaign other than the usual red flags (spoofed sender address, compromised sending IP address, etc.). Our team has seen various samples of this campaign, including similar ones utilising FedEx and UPS as the targeted company, along with different verbiage directing users to the malicious payload.
Users are advised to exercise extreme caution when receiving unexpected emails from shipping companies that contain generic and ominous messages regarding issues with package delivery. Pay close attention to the message itself, looking for clues like URL obfuscation and questionable verbiage to help determine the legitimacy of a message. When in doubt, it never hurts to call the shipping company to obtain details regarding an expected package delivery.
AppRiver’s SecureTide engine has various rules in place to stop this phishing campaign. At the time of this writing, an estimated 9300 emails have been blocked from reaching customers’ inboxes.