On Sun, 20 Nov 2011 14:00:05 -0800, Ian Fairclough <[log in to unmask]> wrote: >The message below is very similar to the one I got recently, which I unfortunately didn't recognize as spam You have been an unfortunate victim of "social engineering". Below are tips to help anyone recognize probably harmful spam (any kind, not just this): Does the USPS have your email address at all? Probably, no. Did you give your email to USPS when you mailed the package? No. Have you ever, at any time before received any legitimate email like this from the USPS? Probably, no. What makes you think the USPS cares enough to notify you in this case? Have they ever done so before? No. "Please print out the shipment label attached ..." This requires you to decode the attachment. How many times have you been told to NEVER, EVER, EVER, under ANY curcumstances decode an attachment from a questionable or untrusted or doubtful source? Hundreds to thousands. What is this if not an attachment from a questionable or untrusted or doubtful source? DO NOT EVEN THINK ABOUT decoding the attachment. Delete immediately. "...and collect the package at our office." The USPS NEVER, EVER requires a new shipping label to pickup a package. No reason to print. Did you inspect the full email Received: headers to verify the mail actually came from a USPS server? http://www.haltabuse.org/help/headers/index.shtml ---------------------- Similar spams: Anything purporting to be from IRS USPS EFTPS (Electronic Federal Tax Payment System) ACH Clearing house Any Bank (legitimate banks never send email with attachments) Almost anything purporting to be from UPS DHL FedEx unless you have very recently (2-3 days or less) sent a pkg. If so, inspect EXTREMELY carefully. Go to their website. Call with the tracking number. DO NOT TRUST EMAILS! Anything stating it is an invoice, or refund, or clearance sale, or ... DO NOT TRUST EMAILS! -------------------------------------------------------- Here is another example: (which was trapped and did not go to the list) From: "message daemon" <[log in to unmask]> To: <lstown-l @peach.ease.lsoft.com> Subject: Your Tax Payment ID 98787634 is failed. Date: Tue, 02 Aug 2011 21:18:58 -0800 (Note the date. This msg was received 11/8/2011) Your Federal Tax Payment ID: 34345092 has been rejected. (note this Tax Payment ID is different from the one in the Subject: line) Return Reason Code R21 - The identification number used in the Company Identification Field is not valid. Please, check the information to get details about your company payment in transaction contacts section: (note broken English) attach name = report.18653.pdf (note broken English) In other way forward information to your accountant adviser. (note broken English) EFTPS: The Electronic Federal Tax Payment System PLEASE NOTE: Your tax payment is due regardless of EFTPS online availability. In case of an emergency, you can always make your tax payment by calling the EFTPS. (note no further identification, phone#, signature block, etc.) ---------------------------- The message Received headers: Received: from tlhtu.com (121.245.26.70.cdma-hyderabad.vsnl.net.in [121.245.26.70]) by PEACH.EASE.LSOFT.COM (SMTPL release 1.1c) (envelope-from <[log in to unmask]>) for lstown-l @peach.ease.lsoft.com with TCP; Tue, 8 Nov 2011 11:23:47 -0500 No branch of the US government uses a mail server located in India. This cannot possibly be legitimate. Also a lookup on the domain 'eftps.com' shows it does exist, but belongs to Domain Admin Bank of America Dallas TX 75202 i.e. not to US Government or IRS. ------------------------------ Do not be taken in by such things. They are bogus in 99.9999999999% of cases. (note I don't say 100% because one day I'll win the lottery. The odds of that are far better than any such spam email will turn out to be legitimate.) ############################ To unsubscribe from the LSTOWN-L list: write to: mailto:[log in to unmask] or click the following link: http://peach.ease.lsoft.com/scripts/wa.exe?SUBED1=LSTOWN-L&A=1