UPS Email HoaxThere’s an email spam campaign that looks like it’s from UPS (United Parcel Service). The email claims that a package sent by the recipient could not be delivered. The messages instruct the recipient to open an attachment to print out an invoice.

The emails are not from UPS and there’s no such package as mentioned in the email. However, if the recipient opens the attachment, it will install Malware on the recipient’s computer.

Example email

From: Your UPS

Subject: UPS Tracking #1250295937

Dear ladies and gentlemen,

We were not able to deliver postal package you sent on the 18th May in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your personal manager: Mabel Waldron, Your UPS

[Attachment Name: UPS invoice 51787 (zip file)]

In response to an attack launched in 2008 that used this method, UPS published the following warning on its website:

Attention Virus Warning
Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

Users should be very cautious of any unsolicited email that urges you to open an attached file to review information about a supposed problem or complaint. This is a very common method of distributing Malware.