United Parcel Service malware attack spreads fake anti-virus

Filed Under: Malware, Spam

UPS parcelEmail inboxes around the world are being spammed today with a malicious attack designed to infect Windows computers with a fake anti-virus attack.

The emails claim to be notification from United Parcel Service (UPS) that a package is winging its way to your address. The cybercriminals behind the scheme hope that recipients will be intrigued enough to open the attached file, which can infect their computer with malware.

A typical message looks as follows:

United Parcel Service notification

Subject: United Parcel Service notification #[number]

Message body:

United Parcel Service
tracking number #[number]

Good morning
Parcel notification

The parcel was sent your home adress.
And it will arrive within 3 buisness days.

More information and the parcel tracking number are attached in document below.

Thank you

United Parcel Service of America (c)
153 James Street, Suite100, Long Beach CA, 90000

Attached file: UPS_Document.zip

Would the spelling mistakes and grammatical errors be enough to ring an alarm bell in your head? Or would the promise of an unexpected parcel being delivered be enough to trick you into opening the attachment?

Sadly you can't always rely on the bad guys being sloppy with their typing, and some attacks are more professional than others. The fact is that simple social engineering tricks like this can be enough to trick people who really should know better into making the mistake of opening an unsolicited attachment.

And remember this - when someone sends you a parcel, they give the delivery company your snail-mail address. They're very unlikely to have also given them your email address! So be suspicious of any emails from delivery companies which arrive unexpectedly.

Sophos products detect the malware threat attached to the emails as Mal/FakeAV-LI - a fake anti-virus scam designed to scare you into believing your computer has security problems in order to persuade you to part with your hard-earned cash.

Users of other anti-virus products might be wise to check that their security software detects this threat, as it has been pretty widely spammed out.

, , , ,

You might like

9 Responses to United Parcel Service malware attack spreads fake anti-virus

  1. Debbie Curtis-Magley · 1147 days ago

    At UPS, we take fraud seriously. We investigate fraud or misrepresentation of our services, information tools and brand using the Internet. Fraud on the Internet is a continuing global issue, so we post fraud protection information directly on our home pages around the world to advise customers. Here is the link for fraud protection information at our U.K. site: http://www.ups.com/content/gb/en/resources/ship/f...

    Thanks for educating your readers on this important topic.

    Debbie Curtis-Magley
    UPS Public Relations
    Twitter: @UPS
    Blog: http://blog.ups.com/

  2. vanitas · 1147 days ago

    Have been receiving this as well as DHL and FedEx notices for the past two months at least. Seeing the bad spelling on the one I opened tipped me off (plus the fact that I had not ordered anything).

  3. Tig Stone · 1147 days ago

    I have been getting these for months at my yahoo address. Same thing claiming to be from FedEx as well.

  4. kevin · 1147 days ago

    maybe try replying to the email first...if it bounces back there is a good chance its a fake

    • NotHazard · 1146 days ago

      That's horrible advice, while you might get a Daemon reply from some incorrect email, you don't always get one. Gmail does a pretty good job by blocking spoofed email addresses. I do wish that Google made it easier to see the ACTUAL identity of the sender, intead it's buried deep.

  5. Roy W · 1144 days ago

    I have seen these messages, but have not had attachments with them, however not expecting a parcel in any case should be significant enough to know that there would hardly be a birthday present coming from Auntie Clara in the near future

  6. Peter Newman · 1137 days ago

    I recieved and opened the file... which then sent my Internet explorer into spasms (I think it was trying to open IE, but Kasperski was shutting it down each time)

    How do I know I don't still have the malware in my PC?

  7. @MrMickeyRourke · 689 days ago

    Thank you saved me!

  8. Drake · 608 days ago

    I have received nearly daily fake messages for nearly two months -all detected as potential viruses. When do they give up or stop as a rule?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.