Not Able to Deliver UPS Package Malware Email

Emails purporting to be from the delivery company UPS claim that a package sent by the recipient could not be delivered. The messages instruct the recipient to open an attachment to print out an invoice.

Brief Analysis:
The emails are not from UPS and the package mentioned in the messages does not exist. The attachment does not contain an invoice as claimed in the messages. In fact, opening the attachment will install malware on the recipient’s computer.


From: Your UPS

Subject: UPS Tracking #1250295937

Dear ladies and gentlemen,

We were not able to deliver postal package you sent on the 18nd May in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your personal manager: Mabel Waldron, Your UPS

[Attachment Name: UPS invoice 51787 (zip file)]

From: “UPS Service Manager”

Subject: UPS Delivery Problem NR 89038.


Unfortunately we failed to deliver your postal package you have sent on the 2nd of December in time because the addressee’s address is erroneous. Please print out the invoice copy attached and collect the package at our office.

United Parcel Service of America.

[Attachment Name: UPS INVOICE TRACKING NRPS-4244-232225-4 (zip file)]

Detailed Analysis:
According to these email messages, US-based delivery company United Parcel Service (UPS) could not deliver a package sent by the recipient because the delivery address was incorrect. The emails urge the recipient to open an attached file so that an invoice for the supposed package can be printed out.

However, the emails were not sent by UPS and the information they contain about a package delivery failure is untrue. In fact, the email attachments contain a malicious computer program. Internet criminals have now been using the “failed UPS delivery” ruse to distribute malware for several years. In response to an attack launched in 2008 that used this method, UPS published the following warning on its website:

Attention Virus Warning
Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

UPS has also published an article about protecting against fraud in which it notes:

If you receive a fraudulent or suspicious e-mail that claims to be from UPS, do not respond or open any attachments or links associated with the e-mail.

The attachments contain malware, often detected as Win32:Trojan-gen by Avast anti-virus. Other anti-virus companies may have other names for this malware, and different versions of the malware emails may contain other variants of the malware. Generally speaking, however, once installed, this trojan can connect to a remote server, download other malware components, add entries to the Windows Registry, potentially steal data from the infected computer and cause other serious issues on the infected computer. The malware can be difficult to remove.

Internet users should be very cautious of any unsolicited email that urges them to open an attached file to review information about a supposed problem or complaint. This is a very common method of distributing malware. Always ensure that you have effective and up-to-date security software installed on your computer, including anti-virus and anti-spyware scanners and a firewall.
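
For mail administrators, the pattern described above (a message that names UPS, uses the failed-delivery wording and carries a zip attachment) can be checked mechanically. The following Python is an added example, not code from Hoax-Slayer or UPS. The executable-extension list, the sample sender addresses and the archive member names are assumptions constructed for illustration, since this page does not say what the zip file holds.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

UPS_CLAIM = re.compile(r"\bUPS\b|United Parcel Service", re.I)
# Wording taken from the two sample messages on this page.
LURE = re.compile(r"not able to deliver|failed to deliver|invoice copy attached", re.I)
# Assumption: extensions treated as directly executable on Windows.
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")


def triage(raw: bytes) -> list[str]:
    """Return the reasons one raw message matches the fake-UPS-delivery pattern."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if not UPS_CLAIM.search(f"{msg['From']} {msg['Subject']}"):
        return []  # not UPS-themed: out of scope for this rule
    reasons = ["delivery-failure lure wording"] if LURE.search(text) else []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK\x03\x04"):  # ZIP magic; the file name is not trusted
            continue
        reasons.append(f"zip attachment: {part.get_filename()}")
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            reasons.append("archive could not be parsed")
            continue
        reasons += [f"executable in archive: {n}" for n in names
                    if n.lower().endswith(EXEC_EXT)]
    return reasons


def sample(sender: str, subject: str, text: str, member: str = "") -> bytes:
    """Build a constructed test message; `member` is a file name to zip and attach."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(text)
    if member:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(member, b"inert placeholder bytes")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="UPS invoice 51787.zip")
    return msg.as_bytes()
```

An empty list means the message did not match; any non-empty result is a reason to quarantine the message for review rather than deliver it.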

Last updated: 1st June 2010
First published: 16th July 2008
By Brett M. Christensen

Protect Yourself Against Fraud
Fake UPS Invoice Email
E-mail allegedly from UPS delivers a computer virus
