Message purporting to be from delivery company TNT Express claims that the service could not make delivery of a parcel and you should click a link to get a postal receipt.
The email is not from TNT. Clicking the link opens a compromised website that harbours malware. Similar malware emails claim to be from other well-known delivery companies, including FedEx, UPS, USPS, and DHL. If you receive one of these bogus ‘delivery failure’ emails, do not click any links or open any attachments that they contain.
Courier service could not make the delivery of your parcel.
Get Postal Receipt
According to this ‘Delivery Notification’ email, which claims to be from delivery company TNT, the courier service could not make delivery of your parcel.
The email instructs you to click a button to get a postal receipt for the undelivered parcel.
The message uses the orange TNT colour scheme and, at first take, may appear to be a genuine TNT Express delivery notification.
However, the email is not from TNT and the claim that you have an undelivered parcel is just a ruse to trick you into clicking the link.
The link opens a compromised website that contains malware. Once on the site, you may be told that you must download a file to view and print your ‘postal receipt’. However, downloading and opening the file will install the malware on your computer.
The exact type of malware downloaded may vary in different incarnations of these attacks. Typically, however, such malware may harvest sensitive information from your computer and send it to criminals. It may also download further malware and allow criminals to take control of your computer.
The same ‘parcel delivery failure’ tactic has been used a number of times to distribute malware. Very similar malware messages have claimed to be from FedEx, USPS, UPS, DHL, Royal Mail and several other high-profile delivery companies and mail services around the world.
Some, like the TNT version, ask you to click a link that opens a malware website. Others hide the malware in an attached file.
Be wary of any unsolicited message that claims that a parcel delivery has failed and asks you to click a link or open an attachment to print a receipt or get more information.