Home Archive Not Able to Deliver UPS Package Malware Email

Not Able to Deliver UPS Package Malware Email

by Brett M. Christensen

Emails purporting to be from delivery company, UPS, claim that a package sent by the recipient could not be delivered. The messages instruct the recipient to open an attachment to print out an invoice.

Brief Analysis:
The emails are not from UPS and the package mentioned in the messages does not exist. The attachment does not contain an invoice as claimed in the messages. In fact, opening the attachment will install malware on the recipient’s computer.


From: Your UPS

Subject: UPS Tracking #1250295937

Dear ladies and gentlemen,

We were not able to deliver postal package you sent on the 18nd May in time because the recipient’s address is not correct.

Please print out the invoice copy attached and collect the package at our office.

Your personal manager: Mabel Waldron, Your UPS

[Attachment Name: UPS invoice 51787 (zip file)]

From: “UPS Service Manager”

Subject: UPS Delivery Problem NR 89038.


Unfortunately we failed to deliver your postal package you have sent on the 2nd of December in time because the addressee’s address is erroneous. Please print out the invoice copy attached and collect the package at our office.

United Parcel Service of America.

[Attachment Name: UPS INVOICE TRACKING NRPS-4244-232225-4 (zip file)]

Detailed Analysis:
According to these email messages, US based delivery company United Parcel Service (UPS) could not deliver a package sent by the recipient because the delivery address was incorrect. The emails urge the recipient to open an attached file so that an invoice for the supposed package can be printed out.

However, the emails were not sent by UPS and the information they contain about a package delivery failure is untrue. In fact, the email attachments contain a malicious computer program. Internet criminals have now been using the “failed UPS delivery” ruse to distribute malware for several years. In response to an attack launched in 2008 that used this method, UPS published the following warning on its website:

Attention Virus Warning
Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

UPS has also published an article about protecting against fraud in which it notes:

If you receive a fraudulent or suspicious e-mail that claims to be from UPS, do not respond or open any attachments or links associated with the e-mail.

The attachments contains malware, often detected as Win32:Trojan-gen by Avast anti-virus. Other anti-virus companies may have other names for this malware. And, different versions of the malware emails may contain other variants of the malware. Generally speaking however, once installed, this trojan can connect to a remote server, download other malware components, add entries to the Windows Registry, potentially steal data from the infected computer and cause other serious issues on the infected computer. The malware can be difficult to remove.

Internet users should be very cautious of any unsolicited email that urges you to open an attached file to review information about a supposed problem or complaint. This is a very common method of distributing malware. Always ensure that you have effective and up-to-date security software installed on your computer, including anti-virus and anti-spyware scanners and a firewall.

Last updated: 1st June 2010
First published: 16th July 2008
By Brett M. Christensen
About Hoax-Slayer

Protect Yourself Against Fraud
Fake UPS Invoice Email
E-mail allegedly from UPS delivers a computer virus

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,