Tag Archive for waybill virus

UPS Email Hoax with Virus

UPS has been alerting subscribers to their “Brown Bulletin” service about a fraudulent email that claims to be from UPS. The bogus email claims that a delivery was missed, and that they’ve attached a waybill that you can use to pickup your delivery.

Sample EPS/FedEx Hoax messageThe recipient is told to download or save the attached waybill file, open it, and print it in order to claim the undelivered package at a UPS office. (A variant of the UPS email hoax is the FedEx email hoax. The message is the same, but instead it claims that a FedEx delivery was missed). I’ve attached some screenshots of the bogus email messages being delivered. See the image at right. You can click it to enlarge the image.

It is safe to receive and open the email message, but don’t open the attachment.  The attachment has a genuine virus. Fortunately if your antivirus is up-to-date you’ll be safe. Your antivirus will detect the virus and remove it. Some antivirus programs will delete the attachment once the message arrives in your inbox. Regardless, I recommend you delete the message from your Inbox.

At the time the email message was circulating the web, UPS had the following warning posted on their web site. They also emailed it to their “Brown Bulletin” subscribers. (This message has since been removed from their site).

Attention Virus Warning

Service Update

We have become aware there is a fraudulent email being sent that says it is coming from UPS and leads the reader to believe that a UPS shipment could not be delivered. The reader is advised to open an attachment reportedly containing a waybill for the shipment to be picked up.

This email attachment contains a virus. We recommend that you do not open the attachment, but delete the email immediately.

UPS may send official notification messages on occasion, but they rarely include attachments. If you receive a notification message that includes an attachment and are in doubt about its authenticity, please contact customerservice@ups.com.

Please note that UPS takes its customer relationships very seriously, but cannot take responsibility for the unauthorized actions of third parties.

Thank you for your attention.

If you want to learn about UPS fraud prevention policy and preventative measures you can take, checkout their Protect Yourself Against Fraud web page. It has news and examples of email, checks and money orders, web sites, and phone scams that illegally use the UPS name and/or logos. If you should ever suspect a message you receive is fraudulent, you can forward it to UPS Fraud prevention at fraud@ups.com.

When the FedEx variant started to circulate, FedEx posted the following alert on their web site:

Be alert for fraudulent e-mails claiming to be from FedEx regarding a package that could not be delivered. These e-mails ask the receiver to open an attachment in order to obtain the airbill or invoice for picking up the package. The attachment contained in this type of e-mail activates a virus. DO NOT OPEN the attachment. Instead, delete the e-mail immediately.

These fraudulent e-mails are the unauthorized actions of third parties not associated with FedEx. When FedEx sends e-mails with tracking updates for undeliverable packages, we do not include attachments.

FedEx does not request, via unsolicited mail or e-mail, payment or personal information in return for goods in transit or in FedEx custody. If you have received a fraudulent e-mail that claims to be from FedEx, you can report it by forwarding it to abuse@fedex.com.

If you have any questions or concerns about services provided by FedEx, please review our services at fedex.com/us/services or contact FedEx Customer Service at 1.800.GoFedEx 1.800.463.3339.

Update: In March of 2009, a DHL email hoax began circulating the Internet. It was a variant of the original email hoax. DHL posted this message on their web site at that time:

Import Information Regarding Fraudulent Use of DHL Tracking eMail

A fraudulent email is being distributed with the subject line “DHL tracking number” The email contains an attachment with a virus that should not be opened. Please delete the entire email and be advised that the package referred to does not exist and that DHL delivery services are operating normally.

Examples of fraudulent UPS messages

Here are some fraudulent messages people have received. Some of them are quite elaborate while others are very simplistic. Most of these were standard phishing scams and didn’t carry virus. The scammers were merely attempting to get personal information or money from the unwary reader.

Anti-virus Up-to-date?

If you’re virus software is kept up-to-date then you needn’t worry about the virus infected messages. If you don’t know if your anti-virus is up to date, leave a comment below about which anti-virus you use, and I will tell you how to check if it is up-to-date.

If you don’t have an anti-virus program, I recommend Avast Free Edition antivirus program from Alwil software. You can read more about Avast in the Skylarking article “Free AntiVirus and No Catch“. Avast is free to use on one compter per household. Download it at www.avast.com.

You can learn more about email hoaxes and how to spot and stop them at the following locations:

Read about other hoaxes (and suspected hoaxes) circulating the Internet in the article on Skylarking: The Tech Tip Blog: