Cyber Monday email fraud: UPS “package not delivered”

Mon, Nov 28, 2011 by Angela Knox

Cyber Monday sales can mean big savings for shoppers and massive profits for scammers. One campaign Cloudmark has been tracking, as we ramp up to the holiday shopping season, is the UPS “Package Not Delivered” scam designed to prey on online shoppers who are worried about the timely delivery of their purchases. The emails look and feel like they are coming from legitimate shipping outlets such as UPS but in fact, the emails either have virus infected zip files attached to them or they direct recipients to infected sites through the clickable links embedded in the html content.

 Screenshot of UPS email fraud

Screenshot of UPS email fraud

We’ve seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic “UPS Customer Services”.

The from address is faked so that it appears to come from the domain ups.com.  Many of the images are copied from legitimate UPS emails and many of the links go to the legitimate UPS site.   However, clicking on the call-to-action link that says “Track your shipment now” will take the unsuspecting consumer to a website that can infect the computer with a virus.

Initial reports indicate that spammers were testing out the campaign and the effectiveness of the spam defenses.  Cloudmark observed a lull over the weekend, which was followed by a huge blast with rapidly evolving mutations on content.  Cloudmark’s flexible fingerprinting system was able to stop the attack within 12 minutes.

Timeline of the UPS email fraudTimeline of the UPS email fraud

With Cyber Monday kicking off the online holiday shopping frenzy, online shoppers should remember to be vigilant about any email message that they receive.  No matter how eager they are for their shiny new purchases to arrvive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made.

In addition, rather than clicking on embedded links in an email, they should go directly to the shipping site and plug in the tracking number.

4 Responses to “Cyber Monday email fraud: UPS “package not delivered””

  1. Dennis Says:

    I been getting at least one of these a day now. The return address is no good and UPS will not answer my emails about it nor it seems are they trying to do anything about it

  2. Cyber Monday Scams – Avoid Becoming a Victim Says:

    [...] Shortly after Cyber Monday, an e-mail began circulating purporting to be from UPS regarding failed delivery of an order. Clicking a link or downloading a file to track the failed delivery resulted in nothing more than a [...]

  3. Criminals Duping Cyber Monday Shoppers Through UPS Phishing Scam | ITProPortalITProPortal.com Says:

    […] software maker Cloudmark reported in a blog post that the ‘UPS package not delivered scam’ has been progressing since the start of […]

  4. Wilson Edwards Says:

    I have encountered one of those cases few days back. I am amased that these e-mails tend to appear so legitimate and real that any literate person can get fooled. Fortunately I was lucky enough that I didn’t get into that trap.

Leave a Reply
(will not be published)
Submit Your Comments

* Indicates a required field

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2014 Cloudmark, Inc.