Malware vectors are those ways that the “bad guys” use to spread malware (viruses, worms, and other malicious code) between computers. Typically these get started based on some action by the user – either going to a website that downloads the code to your computer, or clicking on a link.
We all think we are smart enough that it won’t happen to us. However, some of these have become very realistic, and hard to differentiate from legitimate links. One that it is easier to fall for right now is the fake tracking notices. I have seen these using both UPS and FedEx as the sender. They look real. They have standard format for tracking numbers. They look like they are coming from a legitimate sender. However, they are really sending you to a site that downloads malware to your PC.
How can you tell the real ones from the malicious notices? Typically, when you purchase something online, the retailer will send you the email with the link to the shipping information, not the shipper. Additionally, if you aren’t expecting a shipment, then odds are good that the notice is not real.
When in doubt, write down the tracking number. Type in the shipper web address – either www.ups.com or www.fedex.com. On their site enter the tracking number. If there is information there, the notice was probably legitimate. If the tracking number is invalid, you just saved yourself from potentially having your personal information exposed, and from having to clean malware off of your computer.