Beware of Fake UPS Exception E-mails

Beware of Fake UPS Exception E-mails

A spam email claiming to be from UPS is making the rounds.


As seen in the image above, the e-mail states that a delivery attempt was made and provides a tracking number. The tracking number is real, although it was for a package delivered in February and signed by “DONNA”.


Clicking the tracking number link downloads a zip archive containing an executable with a PDF icon. At the time of this writing, the file is detected by 4/51 vendors on VirusTotal. Malwarebytes Anti-Malware detects the file as Spyware.ZeuS.

Be on the lookout for this spam, and always verify the sender of an e-mail before opening any attachment. Even then, it still may not be safe if the sender is known and his or her account was compromised.

4/11: UPS instructs users to forward these kind of emails to

@Malwarebytes Thanks for letting us know! If you receive any, please forward to ^RN @UPS cc: @joshcannell

— UPS Customer Support (@UPSHelp) April 10, 2014

Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell


Joshua Cannell

Malware Intelligence Analyst

Gathers threat intelligence and reverse engineers malware like a boss.