Beware of Fake UPS Exception E-mails

Beware of Fake UPS Exception E-mails

A spam email claiming to be from UPS is making the rounds.

fakeups

As seen in the image above, the e-mail states that a delivery attempt was made and provides a tracking number. The tracking number is real, although it was for a package delivered in February and signed by “DONNA”.

upsdonna

Clicking the tracking number link downloads a zip archive containing an executable with a PDF icon. At the time of this writing, the file is detected by 4/51 vendors on VirusTotal. Malwarebytes Anti-Malware detects the file as Spyware.ZeuS.

Be on the lookout for this spam, and always verify the sender of an e-mail before opening any attachment. Even then, it still may not be safe if the sender is known and his or her account was compromised.

4/11: UPS instructs users to forward these kind of emails to fraud@ups.com

@Malwarebytes Thanks for letting us know! If you receive any, please forward to fraud@ups.com. ^RN @UPS cc: @joshcannell

— UPS Customer Support (@UPSHelp) April 10, 2014


Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and malware analysis. Twitter: @joshcannell

ABOUT THE AUTHOR

Joshua Cannell

Malware Intelligence Analyst

Gathers threat intelligence and reverse engineers malware like a boss.