Malware on Laptop Computer
Home Malware Fake CargoSmart ‘Sea Waybill Notification’ Email Contains Malware

Fake CargoSmart ‘Sea Waybill Notification’ Email Contains Malware

by Brett M. Christensen

This email, which purports to be from shipment management software provider CargoSmart, claims to be a sea waybill notification about a recent shipment. The email claims that the Bill of Lading (BL) draft for the supposed shipment is ready for your review. The email includes an attached file that some recipients may believe contains the BL draft. 

However, the email is not from CargoSmart and the attached file does not contain a Bill of Lading or any other official document. Instead, the attached .zip file harbours a dangerous executable file that, if opened, can install malware on Windows-based computers.

The exact nature of the malware payload may vary. Typically, however, such malware can download further malware, steal sensitive information such as banking passwords, and allow online criminals to control the infected computer from afar.

This malware campaign is fairly sophisticated. The email includes the CargoSmart logo and links in the email open pages on the genuine CargoSmart website. The message even includes a privacy and security statement that you might expect to find in a genuine shipment notification. And, the sender email address has been spoofed to make it appear that the message really was sent by CargoSmart.

The scammers know that at least a few people will open the attached file because they think that they have received an unexpected shipment. Or, recipients may be concerned that their personal and financial information may have been compromised.

Such simple social engineering tricks can be very effective. A similar malware campaign that has claimed victims all around the world over the last several years consists of fake notification emails that claim that a package delivery has failed due to an addressing error. The emails include attachments that contain malware or link to malware websites.

If you receive one of these bogus CargoSmart emails, do not click any links or open any attachments that it contains. 

Example

Subject: OOCL – B/L:0427578788(XIN YANG PU DOQ7H) – BL Draft is Ready for Review

Dear Customer, CargoSmart is pleased to provide you with the following sea waybill notification:

SEA WAYBILL DETAILS RECEIVED FROM CARRIER
Carrier: OOCL
SEA WAYBILL Number: 0427578788

Document:
Document Type Number of Prints
Ver 2 Draft 3
Received on: 29 Sep 2015, 05:17 GMT
Vessel Voyage: XIN YANG PU DOQ7H
Shipper: DLEICA AUSTRALIA PTY LTD
Consignee: AISS CORPORATION – TOKYO
Shipper’s Reference:
Carrier Remarks:

For My OOCL Center user:
You can directly “Accept” this Draft B/L by the link: Accept
You can directly “Change Request” to this Draft B/L by the link: Change Request

For My CargoSmart Center user:
You can directly “Accept” this Draft B/L by the link: Accept
You can directly “Change Request” to this Draft B/L by the link: = Change Request

If you would like to check the details of this bill of lading document(s), please visit our CargoSmart Center at http://www.CargoSmart.com.

For Technical Support, please contact CargoSmart Support. For shipping assistance, please contact the carrier= customer service centers.

Thank you for using CargoSmart, the customer preferred choice.

CargoSmart Customer Care

CargoSmart Malware Email



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer