Malicious Email - "Royal Mail Has Detained Your Package for Some Reason"

Malicious Email - Royal Mail Has Detained Your Package for Some Reason

Would you share this Article with others?  +

The email message below: "Mail – Lost / Missing package – UK Customs and Border Protection", has a virus attached to it. The email was not sent by Royal Mail, but by cybercriminals, whose aim is to infect thousands of computers with a malicious program called a Trojan horse. With this program, these criminals can steal your information and take control of your computer remotely, which they will use to commit cybercrimes that will be traced back to you.

The Malicious Email Message

Royal Mail Has Detained Your Package for Some Reason Malicious Email

Mail – Lost / Missing package – UK Customs and Border Protection

Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.

Please fulfil the documents attached.

The email message claims that a package was detained for some reason and you should complete the attached form in order to release it. The attached file is not a form, but a malicious computer program called a Trojan horse, disguised a PDF document.

The attachment is a Zip or compressed file with the name "", and contains the malicious Trojan horse with the name "Royal-Mail_Report _03485734895374895637249 865238746532649573245.pdf.exe".

This Trojan horse is known as TR/Crypt.Xpack.32532, Trojan.DownLoader9.22851, Trojan.Win32.Inject (A), Trojan.Win32.Inject.gtgw, PWSZbot-FMU!4948180CFBA9, Trojan.Agent.ED or Troj/DwnLdr-LEX.

The Trojan horse will do the following if you open it:

  • collect information from your computer
  • change your firewall's policies and settings
  • steal private information from local Internet browsers
  • harvest usernames and passwords from local FTP client software
  • install itself so it will automatically run when your computer starts up
  • ake screenshots and send it back to the cybercriminals behind this malicious computer program

If you receive this email message, please delete it. Do not open the attachment, even if you have antivirus software installed on your computer.

If you have already opened the malicious attachment, please use your antivirus software to do a full scan of your computer.

Note: Some of the names, addresses, email addresses, telephone numbers or other information in samples on this website may have been impersonated or spoofed.

Check the comment section below for additional information and share what you know or ask a question about this article by leaving a comment below.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: And, report missing persons, scams, untrustworthy, or fraudulent websites to us. Tell us why you consider the websites untrustworthy or fraudulent. Also, to quickly find answers to your questions, use our search engine.

You can help maintain Online Threat Alerts (OTA) by paying a service fee. Click here to make payment.

Comments, Questions, Answers, or Reviews

There are no comments as yet, please leave one below or revisit.

To help protect your privacy, please do not post or remove, your full name, telephone number, email address, username, password, account number, credit card information, home address or other sensitive information in or from your comments, questions, or reviews. Also, remember to keep comments, reviews, answers respectful.

Write Your Comment, Question, Answer, or Review

Write your comment, question, answer, or review in the box below to share what you know or to get answers. NB: We will use your IP address to display your approximate location to other users.

Your comment, question, answer, or review will be posted as an anonymous user because you are not signed in. Anonymous posts cannot be edited or deleted. Sign-in.

Keep your comment respectful or it will not be posted.

Malicious Email - "Royal Mail Has Detained Your Package for Some Reason"