Here’s an email I just received. Can you spot the little signs that this is malware?
The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.
You may pickup the parcel at our post office personaly.
The shipping label is attached to this e-mail.
Print this label to get this package at our post office.
Please do not reply to this e-mail, it is an unmonitored mailbox!
DHL Global Forwarding Services.
attachement -> DHL_Label_3819.zip 23.9 kb
Here’s the little things that should clue you in that the attached zip file is malware.
Dear Customer! – Who addresses an email this way? If this were legit, DHL would have my name. Unless English is your second language, you know better than to end your salutation with an exclamation mark, too.
The courier company – Huh? DHL suddenly forgot their company name?
You may pickup the parcel at our post office personaly.[sic] – DHL would not refer to their facility as a “post office.” I would also hope a legitimate source would know how to spell “personally.”
Please attention! – More bad English. ESL is always a good sign the email is bogus.
ZIP – And finally we have the zip file attached. A legitimate email from DHL, FedEx, or UPS would have the tracking number and other details in the body of the email. If we weren’t fully convinced that this was all bogus, seeing the zip file attached should cinch it.
The subject line of the email was “DHL Customer Services. Get your parcel NR.5796”. I’ve never seen a package carrier who doesn’t love numbers. 5796 is a tad bit short. Normally package tracking codes or reference numbers are longer than your arm.
Keep your wits about you. Learn the signs of a malicious email.
- Bad English
- Unnecessary punctuation, often exclamation marks in hopes you’ll get excited, too.
- No reply return addresses. Though some companies use them, customer service contacts usually don’t. Legitimate customer service contacts would usually rather deal with you by email and provide an address.
- Things that just don’t add up like DHL forgetting its company name or referring to their facility as a post office.
Let’s be careful out there in the big scary interweb world, kids.