DHL Tracking Number UOYKCUFSBERKNAIBR spells danger

Graham Cluley

The cyberscoundrels are up to their dirty rotten tricks again, sending fake emails pretending to be notifications from DHL that there is a parcel that you should pick up.

DHL Parcel pickup email

Attached to the emails is a ZIP file called UOYKCUFSBERKNAIBR.zip which contains a malicious threat. Sophos detects the malware proactively as Mal/EncPk-LE. Users of other anti-virus products might be wise to update their systems as this attack is being spammed out widely.

Here’s what the rest of the email looks like:

Subject:
DHL Tracking Number UOYKCUFSBERKNAIBR

Message body:
Dear customer!

The courier company was not able to deliver your parcel by your address.

You may pickup the parcel at our post office personaly.

The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Thank you for attention.
DHL Express Services.

Never forget, if you allow unknown code to run on your computer you could be putting your data, identity, finances and the very ownership of your computer’s resources into the hands of a remote hacker.

Those with eagle eyes might notice the odd wording of the email – but there are plenty of folks out there who will be so excited about the thought of receiving a mystery parcel that they click on the attached file without giving a second thought to the possible consequences.

Update: I am indebted to Clu-blog reader Kurt Wismer who contacted me via Twitter to point out that if you spell UOYKCUFSBERKNAIBR backwards it reads RBIANKREBSFUCKYOU.

Brian Krebs is a security journalist who writes the excellent SecurityFix blog for the Washington Post, and is widely reviled by the cybercrime underworld for his exposés of their activities.

I find it hard to believe that the hackers’ choice of tracking reference number can be a coincidence, even if they did transpose two characters by accident.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
