Tuesday, December 14, 2010

Beware: UPS/FedEx/USPS delivery email may bring you unpleasant surprise

I am getting multiple emails with all kind of warnings about ugly devastating viruses and Trojans, which are going to penetrate my computer one or another way. You probably know what I mean, as you probably get this kind of mass-mailing as well. So, most of the warnings are simple spam which is delivered to my mailbox by friends with the best intentions. However, I never accept anything as the truth before I check e warning through the trusted informational sources.

Today I got the following email:
The newest virus circulating is the UPS/Fed Ex Delivery Failure. You will receive an email from UPS/Fed Ex Service along with a packet number… It will say that they were unable to deliver a package sent to you on such-and-such a date. It then asks you to print out the invoice copy attached. DON'T TRY TO PRINT THIS. IT LAUNCHES THE VIRUS! Pass this warning on to all your PC operators at work and home. This virus has caused Millions of dollarsin damage in the past few days.
This time, after thorough investigation, I have to admit that the warning is real. This kind of emails started the circulation from 2008, but it seems that there is a new spike is around this Holiday season.  


The sample of the email you may get is as follows:

Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous.
Please print out the shipment label attached and collect the package at our office.
United States Postal Service
If you receive such an email, don't be tempted! Clicking on the attachment, which looks like a harmless Word document, opens an executable file that installs malware on your computer. The USPS is also aware of attempts to collect personal information via the phone:

Customers may be receiving email messages or phone calls that allege to be from the U.S. Postal Service that contains fraudulent information about attempted or intercepted package delivery.
For emails: If opened, the messages instruct customers to click on a link to find out more about when they can expect delivery of their "package." Simply delete the message without taking any further action.
For phone calls: Please do not provide any personal information and let the caller know you're not interested and hang-up the phone.
The Postal Inspection Service is aware of the problems and are working hard to resolve the issues and shut down the malicious programs.
We regret any inconvenience this may have caused our customers.

UPS, FedEx, and DHL have all issued warnings to immediately delete these emails and to never click on links contained therein. UPS writes that it “may send official notification messages on occasion, but they rarely include attachments.” FedEx says emails it sends with tracking updates for undeliverable packages “do not include attachments.”

If you receive one of these emails, just delete it if you haven't sent a package. If you have sent a package and receive one of these messages, but question its authenticity, contact the customer service department of whichever service you used.

Don't open email attachments until you're certain they're from a legitimate party. In addition, remember to update your antivirus software often, and back up your hard drive regularly.

Note that the message may be a bit different, but still carry the dangerous load:

Mr./Mrs. XXX

I am sorry for this late reply, but we have good news.
We managed to track your package, and we have attached the invoice you asked for to this reply.

The invoice contains the correct tracking# , since the one you gave us was invalid.
You can use it on the ups website to track your shipment.
Thank you

John Henry
UPS Customer Care Department

Some user reported that even the sources of the alleged failure delivery note might not be limited by USPS, FedEx, and UPS. Some users reported similar presents from Western Union.

So, rule number one – be careful opening any attachments.
Rule number two - do not open any attachments with EXE extension. Period!
Rule number three – watch for strange emails similar to those presented in the post and delete them right away.

Sources and Additional Information:

1 comment:

Package Delivery said...


Just want to say what a great blog you got here! I’ve been around for quite a lot of time, but finally decided to show my appreciation of your work!

Related Posts Plugin for WordPress, Blogger...