Fake Shipping Alert

Be careful of fake emails pretending to be from your bank or shopping sites. Many are phishing scams trying to get your personal information. To avoid those scams, it’s best to go directly to the site instead of clicking to the site from an email.

Other fake emails are trying to infect your computer with a virus. This fake email with a shipping alert has been making the rounds lately:

Subject: Shipping Notification

Message Body:

Shipping Notification Thank you for shopping with us. We look forward to serving you again.

The following is your receipt. Please retain a copy for your records.
Qty  Item no  Description  Price  S&H  Tax  Return
Code
1 FC864-2038B Msg Drma7303 White 650.99 6.95 3.37 ____

Merchandise total 650.99
Shipping and handling 6.95
Tax on mdse 6.75% 3.37
Invoice total 706.31

Welcome to the convenience of shopping JCPenney Catalog

Doing a web search, we confirmed that this was malicious from Cisco Security:

Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a shipping notification attachment for the recipient.  The text in the e-mail message instructs the recipient to open the attached file to view the notification.  However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the targeted system with malicious code.

E-mail messages that are related to this threat (RuleID2979) may contain the following files:

Shipping Notification.zip
Shipping Notification.exe