Keep an eye on your email for messages from the U.S. Postal Service claiming that you’ve missed an important delivery. Cybercriminals are abusing the public’s trust in the USPS to trick victims into installing the resurgent Trickbot malware.
Researchers at Cofense have been tracking a new Trickbot phishing campaign which began earlier this month. The “lure” the attackers are using is one that most of us have encountered during the pandemic: a missed parcel delivery.
The messages claim that no one was available to provide a signature and that the recipient will have to reschedule the delivery. The criminals “helpfully” note that you can simply print out the linked shipping invoice and present it at a nearby post office to set up a new time.
It’s easy enough to see why someone would hurriedly click the button to view the purported invoice. No one wants to miss a delivery, and it can be incredibly frustrating when you do miss one.