Skip to content ↓ | Skip to navigation ↓

Scam emails purporting to be legitimate messages from the UK-based Royal Mail postal service are infecting recipients with the CryptoLocker ransomware.

Each of the fake emails asserts that a parcel is awaiting the recipient at the Royal Mail, a message which creates the impression that the recipient must respond to the email in order to arrange to have the parcel collected.

royal mailThe contents of each scam message varies. Whereas one states that the postal service’s retention rate of the parcel will cost 5 pounds per day, another advises the recipient that the parcel cannot be delivered while it is waiting to be collected. All variations of the scam, however, contain a web link that redirects users to a page where CryptoLocker is downloaded onto their machines.

Upon infection, the actors behind the scam warn that the cost of decrypting the files affected by the ransomware will increase the longer the fine is outstanding.

Two of the addresses that scam emails are currently being sent from are ‘RoyalMailParcelpacketinfo@championmailservice.com’ and ‘yourparcel@championmail.com’.

“There are a number of these types of scams in circulation and we would urge people to be mindful of this when receiving and opening emails,” said Crime Prevention Team Leader Paul Golley. “Fraudsters often use fake addresses purporting to be from official organisations such as Royal Mail, banks and building societies, and if people open them and follow the links within the email, viruses can be downloaded, damaging their computer and putting their online security at risk.”

The National Fraud Intelligence Bureau recommends that email users verify the recipient address of each message they receive, evaluate the quality of the images included in a message, not open attachments associated from unsolicited emails, and not click on any links if an email seems suspicious.

To learn more about you can protect yourself from becoming infected by CryptoLocker and other types of ransomware, please click here.