My spam box at work loads up daily with “your order shipped” notices. The message says they couldn’t deliver. How does this work?
Generally speaking, if you respond you will be told that there is some re-delivery fee or some storage fee you must pay if you ever want to see your shipment again. If you don’t promptly remit this fee via Western Union, your shipment will be destroyed or put up for auction.
I get them frequently, if yours is the one I’m thinking of (Fedex telling you to go to the post office for your parcel - huh?). If so, there is a link for you to get the details of the parcel. Hover over that link (DO NOT CLICK!) and notice what your browser says the link really points to.
A few months ago I walked past my dad’s computer (we work together) and saw an email on his screen from the “USPS”. Something about a delivery and a link. I was going to tell him not to click on it, but against my better judgement, I didn’t.
Took me about 6 hours to clean the computer. I asked him why he clicked on it, and then proceeded to explain to him that the USPS doesn’t email people that have packages waiting for them and even if they did, they certainly don’t have his email on file anywhere.
In short, it could just be a link to deliver malware to your computer.
Often they’ll play several angles at once. It’ll be a phishing scam, clickfraud on multiple ad networks, and attempt to install malware too.
Those delivery-problem scam e-mails, as a general rule, seem to be unusually stupidly done, even for scam spam.
A great many of the ones I get mention a specific order number, or give a PIN code I’m supposed to use, or other details to make it look authentic. They often have an attachment, supposedly to open a form I’m supposed to fill in and submit (obvious phishing there).
And what is the give-away that these are not only frauds, but that they are originating from particularly stupid fraudsters? The e-mail is sent to a (sometimes lengthy) list of CC recipients (my own e-mail address being one of them)!
Come on, you idjits! You haven’t got the smarts to use a BCC list instead of a CC list? Dumb!
It’s not that they’re stupid. It’s that they don’t need to do anything more complicated than that. You are not the target. They’re after easy marks, people who can’t tell the difference anyway.
Also, the people who are digging up lists and sending emails are not the ones who created the scam. They’re low paid workers. Anyone clever enough to improve on the scam won’t waste time doing it themselves, they’ll recruit others to do it for them. The ones left doing the tedious work are not the sharpest knives in the drawer.
Many of them come with attachments that are supposedly a form to fill out. The attachments themselves are malware. I have several in my collection.