Readers should be very careful when opening any email that appears to come from Royal Mail, because the makers of the dangerous ransomware known as ‘CryptoLocker’ are using such emails to spread it. This applies especially to readers based in the United Kingdom. According to an advisory issued by the United Kingdom Police, the mail purporting to be from Royal Mail contains the malware in its second attachment.
The fake emails have been identified and studied by MX Lab, which reports that they are sent from a spoofed address displayed as “Royal Mail Group” and contain the following content.
Mail – Lost / Missing package – UK Customs and Border Protection
Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.
Please fulfil the documents attached.
The mail has two attachments (zip files), and the second one contains the malware, which has CryptoLocker as its payload. Downloading the attachment immediately triggers the installation of CryptoLocker, the most dreaded ransomware. In addition, the downloaded malware will steal information from your internet browser’s cache, change your firewall settings and modify Windows Registry keys.
CryptoLocker will encrypt all the data on the computer, including photos, music and personal files, using an RSA-1024 key with a Triple DES algorithm. The malware may not be detected by the antivirus software installed on your computer; its unique coding makes it hard for any AV product to identify, deactivate or quarantine it. It also means that you have no way out other than to accept the ransom demand from the CryptoLocker makers or wipe your computer clean.
People in the UK generally trust any mail they perceive to be sent from Royal Mail, so Royal Mail has published a list of don’ts to safeguard users against this threat.
Advice from Royal Mail
Royal Mail will never send an email asking for credit card numbers or other personal or confidential information.
Royal Mail will never ask customers to enter information on a page that isn’t part of the Royal Mail website.
Royal Mail will never include attachments unless the email was solicited by the customer, e.g. the customer has contacted Royal Mail with an enquiry or has signed up for updates from Royal Mail.
Royal Mail have also stressed that they do not receive a person’s email address as part of any home shopping experience.
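A mail filter can check for the two traits described above: a “Royal Mail” display name on a sender address from another domain, and zip attachments on such a message. The Python example below is added here and is not code from MX Lab, the police advisory or Royal Mail; it assumes genuine mail comes from royalmail.com, and the function names, sample addresses and file names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: genuine Royal Mail mail is sent from this domain or a subdomain.
LEGIT_DOMAIN = "royalmail.com"

def lure_indicators(raw: bytes) -> list[str]:
    """Return the reasons a raw message matches the lure described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []

    # Trait 1: display name claims Royal Mail, address domain does not match.
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claims_brand = "royal mail" in display.lower()
    from_brand = domain == LEGIT_DOMAIN or domain.endswith("." + LEGIT_DOMAIN)
    if claims_brand and not from_brand:
        reasons.append(f"display name '{display}' but sender domain '{domain}'")

    # Trait 2: zip attachments on a message that claims to be from Royal Mail.
    zips = [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".zip")]
    if claims_brand and zips:
        reasons.append(f"{len(zips)} zip attachment(s): {', '.join(zips)}")
    return reasons

def build_sample(sender: str, names: list[str]) -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    m = EmailMessage()
    m["From"] = sender
    m["Subject"] = "Lost / Missing package"
    m.set_content("Please fulfil the documents attached.")
    for name in names:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="zip", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    sample = build_sample("Royal Mail Group <notice@parcel-notify.example>",
                          ["doc1.zip", "doc2.zip"])
    for reason in lure_indicators(sample):
        print("FLAG:", reason)
```

The From address itself can also be forged, so this check complements SPF, DKIM and DMARC verification rather than replacing it.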