E-mail updates
Follow on Twitter
Subscribe to RSS
Cloudmark
A screenshot of the UPS email fraud, which on first glance, looks credible enough.
In you're in a hurry to get online holiday shopping done and shipped, you may see what appears to be an email from UPS saying "package not delivered," and follow the prompt to click on a link to get the issue resolved. Don't just follow blindly. Chances are the email is a fake, intended to infect your computer with a virus.
The scam is "designed to prey on online shoppers who are worried about the timely delivery of their purchases," wrote Angela Knox of Cloudmark email security, on the company's blog Monday. "The emails look and feel like they are coming from legitimate shipping outlets such as UPS but in fact, the emails either have virus infected zip files attached to them or they direct recipients to infected sites through the clickable links embedded in the HTML content."
In the email shown above, there's one big clue in the message that it's a fake: "We were not able to delivery the post package" reads the mishmashed sentence in the message.
"We've seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic 'UPS Customer Services.'
With Cyber Monday the "official" start of the "online holiday shopping frenzy, online shoppers should remember to be vigilant about any email message that they receive," Knox wrote. "No matter how eager they are for their shiny new purchases to arrvive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made. In addition, rather than clicking on embedded links in an email, they should go directly to the shipping site and plug in the tracking number."
UPS itself is quite aware of scammers using its corporate name to spread malware or take advantage of unsuspecting users who might be willing to hand over credit card or other information to cyber criminals. The company recognizes it as a "continuing global issue," and has a Web page devoted to fraud protection that's definitely worth checking out if you use the service.
The company "may send official notification messages," a UPS spokeperson has said, but there are — and this is important — "rarely attachments."
If you get such an email, you can forward it directly to UPS at: fraud@ups.com.
"You should not open attachments and should delete the email after forwarding," UPS advises. The company "continues to work with local and national authorities as well as participate in a cyberspace fraud task force. It's a continuing challenge."
Related stories:
- How to play it safe on Cyber Monday
- 5 tips for staying safe while shopping online
- The 25 worst passwords of 2011
- Fake UPS email has scareware attachment
Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.
Leave a Comment:
got one of these supposedly from Fedex this morning. So it won't just be UPS you should worry about
You would think that with the level of sophistication and effort given to making the emails appear legitimate that the scammers wouldn't leave clues such as misspelled or grammatically incorrect words. What a mess. They can't even do crime right!
edit - Newsvine gave me 449:59 to edit this comment, while the article was posted "14025 seconds ago." What's up with the clocks, guys?
These have been around for quite a while. Your best bet is to never click on a link like hat in an e-mail but instead go directly to the shipping company site, whether it is UPS, FedEx, etc. and enter the tracking number directly. This way you are sure you are on the real web site and not some spoof site designed to infect your computer.
Yeah but most people are too stupid nowadays to even realize grammar errors. We are turning into a nation of illiterates.
I agree with johnnieboy63 about the illiteracy part, when reading other people`s comment about the subject, words are often mis-spelled and I don`t claim to be the greatest speller in the world, but I proof read what I type and I have a dictionary, next to me if needed. Most of the areas of spell check, they should at least do that. Good Luck!!!!
First was from USPS. forwarded to US post office phishing dept. second was DHL delivery. Third was New Your traffic department for speeding ticket with car. Never been to NY but forwarded it to New York Police Dept. Bloomberg e-mailed me back and said it contained virus. Fourth was from IRS, sent to phishing@irs.gov Fifth from UPS for unknown package. Sixth from fed-x. Most looked quite authentic looking but not quite. remember if you didn't give them your e-mail addy its probably spam or phishing with a virus hiding in the attachment. do not open!!!
chicory51
I recieved one form NY city traffice department too (or supposedly). I laughed and new it was a virus because I never been to NY city and I DON'T DRIVE HA HA!! I have had the others too but the traffic ticket just made me laugh. I knew right away it was a virus. The others look pretty real. I say when ever in dought contact the company directly through website or the customer service number the site gives you.
I've gotten a few from the USPS as well. Stay vigilant.
I got it last week & scanned it as I was expecting packages. Thought it was odd that it was a zip file when in past it has always been just a tracking number so didnt go any further with it just deleted it.
This is old news..they've been doin this for years..if they have no tracking number in the email that matches your actual tracking number from the online retailer..it is bogus..
Also..there is NO REASON ups or fed ex etc would have to send you an attachment.. I get about 10 - 50 or so scam e-mails a day..right in my spam folder..all of em..attachments..
I didn't even read the story yet..seen the "fake" sample e-mail at top..read the way that sentence was spelled etc..knew was fake.
It's bad though..because the non computer savvy will fall for this..
The FBI needs to track down these little Ba$tard$ and give a few of them 10 years in the slammer. That would stop this crap real fast.
Problem is, most of them originate from outside the US, so the FBI has no jurisdiction.
Too bad. I'd like to see them stopped and locked up too.
We would have more people in prison that not if that were the case, besides most of these things come from foreign countries.
I put a bow on craigslist and got a phony official bank check. Called the FBI. They told me fraud is so prevalent they just don't go after it anymore unless it's big money. Even IN the US.
I get some that are claimed to be FROM the FBI. lol The FBI no longer has a way to report these on their web sites. That's how much they care about it.
And yes, I have been getting these for years. Most of them are FED-X ones that I get.
Just send in seal team six, no fuss, no muss. They don't need no stinkin badges.lol
I got an email from the USPS and it said I had a package that wasn't delivered. I sell on Ebay alot and this was a concern to me because I use the USPS almost standard for all my sales. I opened the email up and it had a document that I assumed would show why and where the package was. Well... when I opened the attachment and downloaded the file my computer started to say things like RAM memory full and my hard drive was corrupt and then all kinds of things stated to slow my computer down then it wouldn't even load the task manager because it had somehow blocked my access to close things out. Then, I tried to open the control panel then my computer started to lock up then didn't operate at all. Please for everybody reading this if you see this Email please be very aware it will kill your entire system and nothing will be accessible. Mine was an older model but I hope those who read this might be of help.
Don't trash a computer just because you get a virus. If you have access to another computer just download a reputable program that will fix your Windows registry, a program that will stop the malicious software (such as Rkill) and then an anti-malware program (such as Malwarebytes) to a flash drive (all of these are available for free, so it will cost you nothing). Then start up the infected computer in SAFE MODE, insert flash drive, run the programs on the drive, reboot - voila computer fixed.
And lastly, don't pay somebody $200 to do this either! It's easy and there are forums where helpful folks post step by step info for ridding your computer of malware or viruses - just do a Google search if you wind up in this situation.
Moved this post - didn't belong in this thread.
Thank you "Crying Shame" I will do this and let you know on this post if it worked. Thanks so much for this info for everyone to see
Keep in mind - always get an operating system recovery disk and a drivers disk from those you buy your computer from. Sometimes the only solution to an infected computer is - reformatting the hard drive and reinstalling the operating system and all the drivers for the video card, sound card, etc. Also keep in mind - drivers are also available on the web site for your brand of computer. And - you will have to get all the operating system updates.
Oddly - some sellers no longer give you the Operating System recovery disk unless you request it - often only after you purchase the computer.
Got one on Saturday...said the package I sent on Nov 20th was undeliverable at the written address. Nov 20th just happens to have bee SUNDAY.....and any fool (except the scammers) know the PO does no business on Sunday. What a Laugh!!!
I get these from UPS, USPS FEDEX, DHL and all go to spam. Always trace on the actual website, never from an email purporting to be a common carrier such as these.
Ya think?!
I've been getting them for weeks now, purportedly from UPS, USPS and FedEx. Since there is no reason for any of them to have that e-mail address (I use a different one for on-line ordering), they're obviously a fake.
Delete.
Important info to have during the holiday season.
Important info to have during the holiday season.
I get loads of these. You'd have to be pretty thick to think they were real. Maybe folks think it's a briefcase full of money from that guy in Nigeria.
lol, never click on a link its that simple. i would have in less than 5 seconds went to the email that the item was shipped from got the tracking number and went to ups to check. that goes for emails from your bank and everything this is kinda your fault at this point in life. the internet isn't "new" anymore...
of course this stuff is pure scam whats wrong with you people ?
Attention Newsvine poster!
Your Newsvine account is about to be deleted due to possible unauthorized access a few days ago. Unless you contact us IMMEDIATELY and verify your information your account will be permanently deleted tomorrow. Please click the following link and enter your user name and password to verify your account.
http://www.123jack-scam.com/thanksalot/youpoorsucker.html
The amazing part about all of these scams is that they work. And they work well. There are a lot of stupid people losing their money because the internet is for everyone. I help people with their internet safety and one of the first things I ask is if they would open every door they come to in any major city. Just imagine what you would find. Links are just doors to other people’s places.
I have been on the internet for 14 years and always had an address thru my provider for purchases and banking and correspondence with close friends and I very seldom get SPAM. I have a web based address for stuff like commenting on stories and FACEBOOK and other miscellaneous stuff and I am barraged with SPAM. Hint: Set up your email address thru your provider for sensitive stuff and whenever you forward something, delete all the previous addresses and any other trailing information as this contributes to SPAM and in some cases, identity theft. Just common sense folks!
The first thing victims should remember is "How the hell did they get my email address in the first place?!!"
UPS, FedEx and the like aren't going to be sending you emailed messages about this kind of stuff.
That was my first thought too.
Did I give them my address? Did the store I bought from give them my address? If both answers are "NO" then why would they send me email?
Considering all the mistakes in grammar and spelling on legitimate websites and emails, it's no wonder that the mishmashed English doesn't always tip people off!
Try talking to a good share of the US population now days. If they write as poorly as the speak it is no surprise they don't notice grammar or spelling errors.
The attack on our education system started a long time ago. It is just now becoming evident as a main tactic to pushing the US back to 3rd world status. Rich rulers and an uneducated populace. Welcome to Amuurika and enjoy the fall.
Lol...the other tip off might be the fact that it says "USPS" several times at the bottom, even though the e-mail is from UPS.
I would love to stuff the barrel of my Saiga 12 gauge shotgun up the AS* of the Jerks who put out these e-mails. To soft on all the crime in this country, Time to start shooting some fools. And if that offends you, Too Fuc*ing Bad, whiner!
"In the email shown above, there's one big clue in the message that it's a fake: "We were not able to delivery the post package" reads the mishmashed sentence in the message."
Great job, guys - tell the crooks what they're doing wrong and how to fix it.
The bad grammar gives them away every time. You can bet these come from China, N. Korea, Nigeria, Iran or somewhere else the US gummint has no jurisdiction.
People that fall for this are as dumb as the people trying to scam them. "...not able to delivery the post package"? Really? You'd think that is a legit way a major corporate company would word their emails?
Please don't open any attachments in any emails ever unless you know the person/email address. Even then they could be infected with a virus and sending out emails or a spammer using their email address. If there's an attachment, you should always make double and triple sure it's real before you open it especially if it's something unexpected. About 10 years ago I opened an attachment from a friend's email and ended up with fireworks on my computer screen and a complete re-install of windows. Never again.
if you believe the crap that you receive by e-mail it's your own fault when you get scammed !!