You have a delivery—malware: cybercriminals abuse delivery services in the age of social distancing

Kaspersky researchers recently discovered a series of spam and phishing attacks seeking to exploit the coronavirus pandemic by targeting people who are waiting on packages.

These scammers often pose as delivery service employees saying that a package has arrived, but, to receive it, the potential victim must read or confirm the information in the attached file. Once the victim opens the attachment, however, malware is downloaded on their computer or phone.

The latter, for instance, includes a backdoor called Remcos onto the device. This malware can turn the PC into a bot, steal data, or download additional malware.

Phishers have also been creating highly believable copies of webpages for popular delivery services as a way to hunt for credentials. Potential victims are encouraged to input their details—such as their email and password—into the website in order to track their packages.

“The unfolding pandemic has created chaos in many industries—including delivery services—and it’s not surprising that cybercriminals would try to use this to their advantage. With people regularly receiving notifications about delivery delays or item shortages and without the option to purchase needed items in stores, these types of scams have a high chance of success. Even though everyone is anxious to receive their orders, it’s important to always carefully assess where these emails are coming from and make sure the webpage address is correct,” says Tatyana Shcherbakova, senior web content analyst.

To avoid falling victim to coronavirus-themed spam and phishing campaigns, Kaspersky experts recommend:

• Look carefully at the sender’s address: if it comes from a free e-mail service or contains meaningless characters, it’s most likely fake.
• Pay attention to the text: well-known companies wouldn’t send emails with poor formatting or bad grammar.
• Don’t open attachments or click on links in emails from delivery services, particularly if the sender insists upon it. It’s better to go to the official website directly and log into your account from there.
• Use a reliable security solution like that identifies malicious attachments and blocks phishing sites.