Bogus Royal Mail emails deliver malware

UK-based Internet users should be on the lookout for spoofed Royal Mail emails, as cyber crooks have decided to impersonate the institution and try to deliver malware to unsuspecting victims, warns Sophos.

The emails resemble the ones supposedly sent by delivery services, as it tries to trick the recipients into downloading and opening the file in the attachment:

The email does have a veneer of legitimacy as the criminals used the Royal Mail logo and spoofed the “From” email address to seem like the message is coming from the organization.

The file in the attachment is a ZIP file and supposedly a shipping advisory, and inside it is an executable named royal_mail_shipping.exe. But the harmless name hides the file’s sinister nature, and careless users will be served with a Trojan that opens a backdoor into their computer and the way for additional infections.