Earlier today I posted an article entitled “Why you need to check your emails carefully!”, where I went into detail about a spam email I received which was made to look like it came from Apple. Well, no more than 5 minutes after my post, I received another one, this time from Canada Post.

Unlike the one from Apple, the Canada Post email didn’t ask me to verify an account; this one was a Missed Delivery Notice. Again, to unknowledgeable eyes this looks legit, and almost everyone in Canada has received a package from Canada Post, which makes it just a bit easier to get scammed by than the Apple.com email.

Here is a screencap of what I received:

fake email which looks like its from Canada Post

Now just upon reading it, I know it’s fake. Take a look at the word I underlined: “inboice”. Spammers aren’t too swift; somebody turned the spell checker off. Now, one of the first things I do when I receive a shipment-oriented email is verify that the tracking number is legit. 9 times out of 10, scammers use an incorrect tracking number. Here is what Canada Post’s official site told me about the number they used:

Invalid Tracking Number Confirmation

Now that alone says it’s a spam letter, but not everyone goes to verify stuff at the official site, nor does it always come up invalid (I have received a few which looked like they were from UPS and the tracking numbers checked out). So let’s follow one of the steps from my previous article: mousing over the link. Instead of going to the Canada Post link depicted in the email, it goes to another domain:
screen3

Unlike my previous example of Apple.com, this one doesn’t go to a web page, but instead links to a .zip file. As I had mentioned, .zip files tended not to get scanned by the virus protection on email servers (if sent as an attachment), and when it’s a link, it’s even worse, because it’s downloaded directly to your system.

Now again, in regards to what I am about to do, DO NOT DO THIS AT HOME (or the office, or your parents’ place, or anywhere, just don’t do it… I am a professional). Below you will find a screencap of what is inside the zip file:

Zip file downloaded from fake site

Now at first glance, you might think it’s a safe PDF file; after all, the file says it’s a PDF in the name. However, if you look closely at the extension, it’s a PIF file, which if double-clicked will install a virus on your system. These files are hard to scan as they are, by Windows’ definition, a shortcut file. After I uncompressed it, I right-clicked it to try and scan it to find out what virus I was in store for (probably a trojan or another backdoor virus); however, the option to scan didn’t appear because Windows thought the file was a shortcut.

So to recap, a few more things to look out for:

1. Look for spelling errors; spammers are notorious for messing this one up.

2. Check if the tracking number exists (most of the time it doesn’t, but sometimes it does, so don’t rely on this alone).

3. Verify the link in your status bar (if your status bar is disabled, I would highly recommend enabling it.)

4. NEVER open up ZIP files from these emails. If the company was sending you a PDF file, it would be a PDF attachment or a link to a PDF file, NOT a ZIP file. (Note: legit companies may send you .zip files, but make sure before you open one that the email is legit and that you are expecting it.)

5. Always make sure your Anti-Virus definitions are up to date (just in case you manage to ignore everything I have said in this and the previous article).

6. Again, never do what I did unless you are absolutely sure you know what you are doing. I am a professional Computer Technician and Network Administrator; I do this for a living.
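
The status-bar check from step 3 and the link-to-a-ZIP warning from step 4 can also be run automatically over an email’s HTML body. The sketch below is an added example, not part of the original article: the sample HTML, the `example.net` host and the archive extension list are constructed assumptions, and the domain match is a heuristic.

```python
import re
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Assumed, non-exhaustive list of archive extensions worth flagging.
ARCHIVES = {".zip", ".rar", ".7z"}
DOMAIN = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class _Links(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def _bare(host):
    return host[4:] if host.startswith("www.") else host

def audit_links(html_body):
    """Flag links whose real host differs from the one displayed, or that fetch an archive."""
    parser, findings = _Links(), []
    parser.feed(html_body)
    for href, text in parser.found:
        url = urlparse(href)
        real = _bare(url.hostname or "")       # where the click really goes
        shown = DOMAIN.search(text)            # domain the reader is shown, if any
        if shown and real:
            want = _bare(shown.group(1).lower())
            if real != want and not real.endswith("." + want):
                findings.append(("host-mismatch", want, real))
        if PurePosixPath(url.path).suffix.lower() in ARCHIVES:
            findings.append(("archive-download", href))
    return findings

# Constructed sample modelled on the email described above (not the real message).
SAMPLE_HTML = '<a href="http://files.example.net/label.zip">www.canadapost.ca/track</a>'

if __name__ == "__main__":
    print(audit_links(SAMPLE_HTML))
```

A link whose visible text contains no domain (for example “Click here”) produces no mismatch finding, so this complements the manual hover check rather than replacing it.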