These seem to go through waves and surges, with the first ones years ago being very simple "a package failed to be delivered, please print out the attached file to chase it up".... when in fact it is just a zip file attachment, and the emails come from random email addresses.
Over time, the emails are becoming more creative, and more realistic, often copying formats and sender addresses of legit sources... which could easily fool those new to these scams, or less educated (especially the elderly). Things like, being told that a bank transfer had failed and needs your attention, or a purchase receipt that would prompt you to check the details in case your card details were stolen, a paypal/bank/ISP requesting an update of your details (or that your account had been suspended, requiring you to log in to the provided link to fix it), or airline/hotel bookings which also have you worried that someone has been charging your credit card....

But this weeks was one that was claiming to be an offer from Groupon, suggested by "a friend", but with some shoddy grammar, plus the attachment being a zip file, and the source email (not the sender email) being something random... I knew that this was fake, but also knew that this sort of tease/bait of free/cheap stuff could end up being more effective in making people access the Zip file.

So my question is this - has anyone ever accessed the Zip file to see what is in it? Or, is it safe to decompress the contents of a Zip file, without it activating a virus/trojan/worm, just to see what is actually in it? I wouldn't have thought so, but I just wanted to be sure.


Ultimately, the point of this is to serve as a reminder/warning, to never open attachments unless you know for sure what it is, and where it has come from.... especially as they seem to be getting sneakier in replicating official emails and baiting people to open them.