Alert: Two variations of Royal Mail scam emails containing CryptoLocker are being sent by fraudsters

12th June 2015

The National Fraud Intelligence Bureau (NFIB) has identified scam emails claiming to be from the Royal Mail which are tricking victims into downloading CryptoLocker ransomware.

One of two email types has been received by the victims, both stating that the Royal Mail are holding an item for the victim and that a response to the email is required to arrange for the item to be resent/collected:

  1. Email states that they are holding a letter and there will be a £5 per day charge if the letter is not collected. It then instructs the victim to click on a link to get the letter resent. From here the ransomware infects the victim's system.
  2. Email states that a parcel could not be delivered and that it is waiting for collection. A link in the email is provided for further information. The link takes the victim to a page that appears to be part of the Royal Mail website, where victims are requested to enter a code (believed to have been in the original email). Once the code has been entered, the victim is instructed to download an application; this application downloads the ransomware.

According to the Royal Mail and NFIB the emails appear to be coming from [email protected]

Encrypts victim’s files

The ransomware encrypts files on the victim’s computer and a window appears requesting a payment, to be made in Bitcoins, to decrypt the files. There is further incentive for early payment as the ransom states that the cost of decrypting the files will increase the longer the fine is outstanding.

The victim is asked to pay around £300-£360 initially, rising to £600-£660 if not paid within a period of time. The victims of this fraud, although primarily individuals, do also include a number of businesses.

The NFIB advises that members of the public and businesses should take the following steps to reduce the potential for falling victim to this type of malware:

  • Look at who the email is addressed to. Is it generic or specifically addressed?
  • Look at the quality of the images included in the email. Are they of sufficiently high quality that they could come from Royal Mail?
  • Do not open attachments from unsolicited emails regardless of who they are from.
  • Do not click on the link supplied. Instead, go to the relevant website and log in from there.
  • Check the address of any email received to see if it appears legitimate.
  • Additional information regarding Royal Mail online security can be found here.

To report a fraud and receive a police crime reference number, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.