There’s an email spam campaign that looks like it’s from UPS (United Parcel Service). The email claims that a package sent by the recipient could not be delivered. The messages instruct the recipient to open an attachment to print out an invoice.
The emails are not from UPS and there’s no such package as mentioned in the email. However, if the recipient opens the attachment, it will install Malware on the recipient’s computer.
Example email
From: Your UPS
Subject: UPS Tracking #1250295937
Dear ladies and gentlemen,
We were not able to deliver postal package you sent on the 18th May in time because the recipient’s address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your personal manager: Mabel Waldron, Your UPS
[Attachment Name: UPS invoice 51787 (zip file)]
In response to an attack launched in 2008 that used this method, UPS published the following warning on its website:
Attention Virus Warning
Service UpdateWe have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.
This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.
UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.
Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.
Thank you for your attention.
Users should be very cautious of any unsolicited email that urges you to open an attached file to review information about a supposed problem or complaint. This is a very common method of distributing Malware.
Yes, very common indeed. So once an email is not from anyone that is on your contact list or from a reputed company, stay on the safe side and don’t open it. Verify with that company first to be sure that it is a legitimate email. To verify, maybe we can check out their website or give them a call.
Andrew,
The best thing is to never open attachments period.
I have trained myself never to open attachments from anyone I don’t know. It amazes me others haven’t done the same thing. Thanks for the heads up. :)
timethief,
That is the smartest approach.
Even though this type of scam is relatively common, many of the EMails look more realistic these days and still dupe people despite increased knowledge of these types of attacks.
timethief is correct, however still need to be aware that even EMail from friends can be sent from worms and EMail addresses can be compromised and spoofed.
However the content of the text of an EMail can generally confirm the EMail may be legit if it has the real friends flair, style or about a relevant topic of conversation or other unique element.
One further method to try prevent such from friends is to watermark. I have asked some friends to even include a code word in the subject to try minimize the risks.
The thing with the UPS EMail is so many valid customers would be expecting deliveries and even some may not have received their delivery. Since some of these customers could inadvertently be on the scam’s email list, then some even wary people may think the EMail to be valid.
Thank you for giving the heads up. Individuals that are expecting packages from UPS should be extra cautious with this!
Advice, please!!
Is there nothing more that we can do about these nuisance emails?
Deleting them is fine but what about taking things further?
Would it help if everyone receiving this rubish ‘forwarded’ it (back) to the sender?
Mike,
Never reply to spam. If you do, you are advising the spammer that your email is active.