Cyber Monday email fraud: UPS “package not delivered”Mon, Nov 28, 2011 by Angela Knox
Cyber Monday sales can mean big savings for shoppers and massive profits for scammers. One campaign Cloudmark has been tracking, as we ramp up to the holiday shopping season, is the UPS “Package Not Delivered” scam designed to prey on online shoppers who are worried about the timely delivery of their purchases. The emails look and feel like they are coming from legitimate shipping outlets such as UPS but in fact, the emails either have virus infected zip files attached to them or they direct recipients to infected sites through the clickable links embedded in the html content.
We’ve seen a number of variants in this campaign (some with attachments, some with no attachments and bad links), all of them personalized to the recipient, and sent from an ever-changing list of fake UPS employees or the generic “UPS Customer Services”.
The from address is faked so that it appears to come from the domain ups.com. Many of the images are copied from legitimate UPS emails and many of the links go to the legitimate UPS site. However, clicking on the call-to-action link that says “Track your shipment now” will take the unsuspecting consumer to a website that can infect the computer with a virus.
Initial reports indicate that spammers were testing out the campaign and the effectiveness of the spam defenses. Cloudmark observed a lull over the weekend, which was followed by a huge blast with rapidly evolving mutations on content. Cloudmark’s flexible fingerprinting system was able to stop the attack within 12 minutes.
With Cyber Monday kicking off the online holiday shopping frenzy, online shoppers should remember to be vigilant about any email message that they receive. No matter how eager they are for their shiny new purchases to arrvive, they should take the time to check the original shipping confirmation that comes directly from the online vendor where the purchase was made.
In addition, rather than clicking on embedded links in an email, they should go directly to the shipping site and plug in the tracking number.