‘UPS Delivery Notification’ Scam Raises its Head Again
According to MXLogic's Threat Operations Center, a fresh onslaught of bogus 'UPS Delivery Notifications' started. The reports said that these fraudulent e-mails started coming on January 6, 2009 and they carried an infected compressed file, which would plant malicious software on the target computer.
Security specialists stated that there is nothing new about the tactic of fake UPS delivery notifications. The first time these e-mails were noticed was in July 2008. Since then, people have witnessed numerous similar UPS variants although they showed limited success.
Giving more details on the recent scam, the security experts said that it seems to come from 'United Postal Service' and shows "Delivery Problems" in the subject line as well as contains a zip attachment of a file named UPSinvoice.zip.
The message says that the sender is apologetic for not being able to deliver the postal parcel the recipient ordered for on December 25, 20089 as the address for delivering parcel is incorrect. The message then directs the recipient to take out a copy of the attached bill to collect the parcel from the UPS office.
Like earlier tricks, the current e-mail is quite general. It doesn't make a reference of the delivery address of the parcel nor its pick up address. In addition, since UPS never asks for an e-mail address to contact during the shipping of a package, there is every possibility that the message is illegitimate.
Also, the message content is nearly identical to the earlier variants except for the date mentioned and the name of the message's sender.
Although the new bait isn't much varied than those sent earlier, still it seems to be penetrating many more inboxes. While the real volume of the e-mails isn't substantial, still it represents around 75% of the total malicious e-mails that MXLogic witnessed during January 6-7, 2009.
Moreover, security specialists said that malware tactics nowadays aim to make monetary gains in the most silent manner and the 'UPS' failed delivery notification' tactic is a clear display of today's malware dynamics.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 16-01-2009