UPS Email Hoax with Virus

UPS has been alerting subscribers to their “Brown Bulletin” service about a fraudulent email that claims to be from UPS. The bogus email claims that a delivery was missed, and that they’ve attached a waybill that you can use to pick up your delivery.

The recipient is told to download or save the attached waybill file, open it, and print it in order to claim the undelivered package at a UPS office. (A variant of the UPS email hoax is the FedEx email hoax. The message is the same, but instead it claims that a FedEx delivery was missed.)

It is safe to receive and open the email message, but don’t open the attachment. The attachment has a genuine virus. Fortunately, if your antivirus is up-to-date, you’ll be safe. Your antivirus will detect the virus and remove it. Some antivirus programs will delete the attachment once the message arrives in your inbox. Regardless, I recommend you delete the message from your Inbox.
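A mail-filter style check for this lure, added here as an example (it is not from the original article): it holds any message whose sender or subject names UPS, FedEx or DHL and that carries an attachment, and lists executable files found directly or inside a ZIP attachment. The sample message, addresses, file names and the extension list are constructed assumptions.

```python
import email
import io
import re
import zipfile
from email.message import EmailMessage
from email.policy import default

CARRIER_RE = re.compile(r"\b(ups|fedex|dhl)\b", re.I)  # brands named on this page
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed list

def risky_names(filename, payload):
    """Names (attachment or ZIP members) that end in a risky extension."""
    names = [filename]
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                names += zf.namelist()
        except zipfile.BadZipFile:
            return [filename]  # cannot look inside: treat the archive as risky
    return [n for n in names if n.lower().endswith(RISKY_EXT)]

def inspect_message(raw_bytes):
    """Parse a raw message and report whether it matches the carrier lure."""
    msg = email.message_from_bytes(raw_bytes, policy=default)
    lure = f"{msg.get('From', '')} {msg.get('Subject', '')}"
    carrier = bool(CARRIER_RE.search(lure))
    attachments, risky = [], []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        attachments.append(name)
        risky += risky_names(name, part.get_payload(decode=True) or b"")
    # A carrier-themed message with any attachment is held for review.
    return {"carrier_themed": carrier, "attachments": attachments,
            "risky": risky, "quarantine": carrier and bool(attachments)}

def build_sample():
    """Constructed sample: carrier-themed mail with a ZIP holding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("waybill.exe", b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["From"] = "UPS Delivery <parcel@ups.example>"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "UPS delivery problem - waybill attached"
    msg.set_content("We could not deliver your parcel. Print the waybill.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="waybill.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

The check keys on the attachment itself rather than on antivirus detection, so it still holds a message whose payload no scanner recognises yet.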

At the time the email message was circulating the web, UPS had the following warning posted on their web site. They also emailed it to their “Brown Bulletin” subscribers. (This message has since been removed from their site.)

Attention Virus Warning

Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

If you want to learn about the UPS fraud prevention policy and preventative measures you can take, check out their Protect Yourself Against Fraud web page. It has news and examples of email, checks and money orders, web sites, and phone scams that illegally use the UPS name and/or logos. If you should ever suspect a message you receive is fraudulent, you can forward it to UPS Fraud prevention at fraud@ups.com.

When the FedEx variant started to circulate, FedEx posted the following alert on their web site:

Be alert for fraudulent e-mails claiming to be from FedEx regarding a package that could not be delivered. These e-mails ask the receiver to open an attachment in order to obtain the airbill or invoice for picking up the package. The attachment contained in this type of e-mail activates a virus. DO NOT OPEN the attachment. Instead, delete the e-mail immediately.

These fraudulent e-mails are the unauthorized actions of third parties not associated with FedEx. When FedEx sends e-mails with tracking updates for undeliverable packages, we do not include attachments.

FedEx does not request, via unsolicited mail or e-mail, payment or personal information in return for goods in transit or in FedEx custody. If you have received a fraudulent e-mail that claims to be from FedEx, you can report it by forwarding it to abuse@fedex.com.

If you have any questions or concerns about services provided by FedEx, please review our services at fedex.com/us/services or contact FedEx Customer Service at 1.800.GoFedEx 1.800.463.3339.

Update: In March of 2009, a DHL email hoax began circulating the Internet. It was a variant of the original email hoax. DHL posted this message on their web site at that time:

Important Information Regarding Fraudulent Use of DHL Tracking eMail

A fraudulent email is being distributed with the subject line “DHL tracking number”. The email contains an attachment with a virus that should not be opened. Please delete the entire email and be advised that the package referred to does not exist and that DHL delivery services are operating normally.

Examples of fraudulent UPS messages

Here are some fraudulent messages people have received. Some of them are quite elaborate while others are very simplistic. Most of these were standard phishing scams and didn’t carry a virus. The scammers were merely attempting to get personal information or money from the unwary reader.

Anti-virus Up-to-date?

If your antivirus software is kept up-to-date then you needn’t worry about the virus-infected messages. If you don’t know if your anti-virus is up to date, leave a comment below about which anti-virus you use, and I will tell you how to check if it is up-to-date.

If you don’t have an anti-virus program, I recommend the Avast Free Edition antivirus program from Alwil software. You can read more about Avast in the Skylarking article “Free AntiVirus and No Catch”. Avast is free to use on one computer per household. Download it at www.avast.com.

You can learn more about email hoaxes and how to spot and stop them at the following locations:

11 comments

  1. […] to warn me, while others ask if it’s “just a hoax”.  (See my post regarding the “UPS Email ‘Partial’ Hoax” and my own web page “Email Hoaxes: How Spot Them, How To Check […]

  2. shahadin says:

    Kaspersky Lab is pleased to offer all potential antivirus software customers the chance to evaluate our products free of charge before committing to purchasing them. Through our trial program, you can download a free, 30-day trial version of one of our products.

  3. Dillion says:

    Every time I come here I am not disappointed, nice post

  4. JimS says:

    The current incarnation of this delivery method is not detected by most antivirus vendors as of this date. Only 13 of 41 vendors’ current detection engines/signatures detect the attached malware.

    http://www.virustotal.com/analisis/33d3c2db42a93d43704491d280aec721b0dee07645472a30c0f5a20325b53fa8-1248458053

    (yes, Shahadin, Kaspersky is one of the few that do detect it!)

    Rule of thumb – if it sounds fishy it probably is.

    Lesson #1 in the School of Hard Knocks – If you have your file extensions hidden so you can’t see that the attachment zip file contains an executable file that shows you an excel icon, and you double-click it thinking you’ll get some sort of excel formatted invoice, you get what you deserve! Always reverse the stupid, STUPID Microsoft default of hiding known file extensions!

  5. I got a message from:
    Cassandra Burton-parcel@ups.com Do not open!!!!!!!!!!!!!!!!!!!

  6. kathleen says:

    Contact UPS by phone if you’re ever in doubt about the legitimacy of a UPS email prior to opening it – UPS Phone Number

  7. Cholly says:

    I’d must thank you here — not something I usually do! It was a pleasure to read a post up that will make folks think when opening suspicious emails. Also, thanks for permitting me to comment!

  8. fantastic posting and pretty educating. an authentic eye opener if anyone is which are exploring for you to enrich his or her knowledge.
