The latest fad for people looking to infect computers with malware involves convincing the victim that he’s missed a package delivery.
Whether it’s FedEx, UPS or even a completely made-up delivery company, hackers are sending “undelivered courier item” emails that masquerade as notifications that you’ve missed a package. And how convenient — they include a link to download the tracking info as a ZIP file! Here’s what they say over at Naked Security:
Of course, if you open the attachment or click on the link in one of these scams, you are immediately put into harm’s way: the attachment might try to trigger an exploit in your unpatched copy of Word, for instance, or the link might attack an unpatched Java plugin in your browser.
The takeaway here is to continue exercising good common sense online. Don’t download and install stuff unless you know what it is. If an email purports to be from UPS, check the email address to make sure it ends in “@ups.com.”
As electronic security continues to improve, hacking attempts like this will only be able to continue relying upon the occasional human carelessness in order to work.