I’m neither a novice nor naïve when it comes to computers, the internet, and online security issues. However, I have to admit this one slipped by me.

I was expecting a package or perhaps two to be delivered by Canada Post a couple of days ago.

I was working away troubleshooting a website and a server problem, tired and a bit distracted because I was trying to do two things at once.Microsoft Outlook popped up a notice indicating that an email had arrived from Canada Post. Of course I went over to have a look and it claimed it had been unable to deliver a package to me the day before. I opened it and it certainly looked like it was from Canada Post. It contained a link for instructions on how to get it re-delivered.

Now normally I am very suspicious about that sort of thing and one of the things I do regularly is hover over the link in any email so that outlook displays the actual destination in the notice bar. This time, tired and waiting for that package, I clicked on the link and it opened in my browser. Even as the page was rendering I saw in the address bar that it was certainly not Canada Post. The loaded site hijacked my browser before I could stop it and any attempts to backtrack or go to another site gave me a message that the site was insecure.

Fake Canada Post Email

Before it could do any more damage, I shut down the browser and rebooted to do a malware scan. As it booted up, it loaded something called php.exe or something similar. I killed that immediately. That turns out to be a Trojan, so it was a little extra left behind in addition to the browser hijack.

Three hours and two different AV scans later, I had my system and my browser back. By then, I was even more tired and hungry and mad at myself for not being more careful. I’m posting this to emphasize how easy it is to get hit by malware these days and how quickly it happens – just a careless click and a matter of seconds.

Please share this as a reminder. It could save you and your friends a lot of time and grief.